Guarding against cyberattcks – infrastructure, policies needed experts say

Calls for proper infrastructure and legislation pertaining to cybersecurity were made by president of the TT Chamber of Industry and Commerce Kiran Maharaj and director and professor of computer engineering at Caribbean Cybersecurity Institute Dr Yufei Wu, who is assigned to the University of TT.

This comes after the Office of the Attorney General and the Ministry of Legal Affairs fell victim to a cyberattack on July 7, which resulted in disrupted operations and of other associated divisions.

Aside from the local attacks, Wu also became worried after reading about a cyberattack in Martinique that started on May 16, disrupting internet services, several government offices and education services, and only resumed operations on June 1.

Maharaj said the ministry's cyberattack, though it may have interfered with operations at the ministry, should not impede the development of TT's progressive digital business eco-systems and online service channels.

“There is a concern of breach of private details and information from individuals and entities. Therefore, the issue questions the robust nature of the digital infrastructure at our government institutions, which may need to be reviewed. "Having said this, cybersecurity is a necessary aspect of our digital lives – public sector, private sector and citizens. This is why the TT Chamber instituted its digital committee as it focuses on improving, embracing and employing digital solutions as we adapt to our cyber environment,” Maharaj said in an e-mail correspondence with Business Day on Wednesday.

Wu added that the critical infrastructures – health sector, public utilities sector and the Legal Affairs Ministry among other infrastructures of the same nature – in TT needed attention as they would hold sensitive information.

Referring to the Federal Information Security Management Act of 2002 – a US federal law that lays out a comprehensive framework to protect government information, operations and assets against natural and man-made threats – Wu said this needed to be borrowed by government, but of course, steps must be taken to ensure it suited local culture and could protect the country in cyberspace.

In a Zoom interview with Business Day on Wednesday, Wu said, “Government and public sectors should have top-level cybersecurity and governance. So below that they should have a cybersecurity management team, seamlessly integrated, and below that there should be implementation and monitoring of functionalities.”

He also suggested cybersecurity and data security features in the form of a policy or regulation for people to follow.

Cyberspace, he said, is something that needs a lot of attention placed on it, especially as the boundary between the cyber-world and the physical world is blurring and cashless transactions are becoming a norm.

“Your data, everything will be in cyberspace and a larger per cent of government funding should be towards it. Not just the physical stuff, your desktop and stuff. We need to change our mentality on cyberspace because when there is something that people cannot see, smell or touch, they say that it is not real or that it has nothing to do with them. But the government’s best asset is the cyberspace.”

As for the chamber, Maharaj said a multi-pronged approach to cybersecurity should be enforced. This includes information security governance, ensuring threats and vulnerabilities for critical systems and end-user devices are mitigated with the appropriate security technology, operational security through proactive patch management, penetration and vulnerability systems testing, continuous employee and stakeholder cybersecurity awareness training, and business continuity and response plans developed in the event of a breach.

Maharaj said, “Cybersecurity threats and attacks happen daily. However, what is essential is having the appropriate cybersecurity posture and steps in place as described previously to mitigate these threats.”

She said through the chamber’s recently formed digital business and technology committee, the aim is to keep its members informed of the ever-evolving threats and to have awareness of potential cybersecurity solutions.

Maharaj added, “Most importantly, cybersecurity threats should not suppress the innovation, agility and competitiveness that digital solutions and services brings to business. Knowledge is power and being informed and understanding how to implement the precautionary steps has to become second nature.”

Following Maharaj's comments on educating the public on the cyberspace, Wu said training is critical if TT wants to continue with digitising society.

“We need to have a broad awareness education programme. For mass employees, they are not doing anything (related to) cyber or information communication technology (ICT), but they must be aware of potential threats. But training must be an ongoing process and all new employees should undergo a training process.”

Neither Maharaj nor Wu could give an exact figure of the financial needed to support cybersecurity, but Wu mentioned that the first thing that should be looked at is the legal framework to protect the country’s sensitive data.

Maharaj said, “We do not have this data as a collective from our membership. However, as a stand-alone entity, a significant portion of the chambers ICT budget is allocated towards security and this is continuously reviewed in-line with the recommendations arising from our information security plans.

“We currently do not get direct support under the theme of cybersecurity. But we do have a relationship with the Ministry of Digital Transformation and support may come in the form of knowledge transfer and collaboration."

Wu added that the cyberspace is also profitable for the country, and touched on a developers’ hub – D’Hub – launched by the Digital Transformation Ministry in June for upcoming developers and those interested in the craft. He said from that TT can produce top developers and even software for purchase worldwide without having to buy from international software-development companies.

The benefits of this space would be a boost in economic growth and development; increased generation of foreign exchange and reduction of foreign exchange; job creation and expansion; reduced reliance on buying imported software solutions; enhancing TT’s digital transformation journey; and improving government e-services.

Recently, the Ministry of Trade and Industry launched its new and enhanced TTBizLink for manufacturers and now provides 24/7 access to over 40 trade and business-related government services, 23 government agencies across eight ministries. It has registered 4,623 companies, 36,914 people and 399 approvers on the system.