Cyber threat is real

ON OCTOBER 9, cyber attackers attempted to access the systems of the nation’s leading full-service telecommunications provider, the Telecommunications Service of TT (TSTT). The threat was evidently serious enough to trigger TSTT’s incident response processes which were swiftly activated, according to a statement from the company. Furthermore, immediate steps were taken to minimise security vulnerability and to isolate systems and applications. These systems were quarantined, rebuilt and put back into production. TSTT engaged cybersecurity experts to investigate. And it implemented additional security measures and protocols.

For TSTT, it was just another day at the office.

The initial, terse reaction of Minister of Public Utilities Marvin Gonzales when asked about reports of a ransomware attack on TSTT (“It was not true,” he simply said) likely reflected more than just a presumed confidence and faith in the impregnability of the State’s telecommunications systems, but also the perception that such attacks are so common they have become run-of-the-mill.

“Cyber threats of this nature are a continuous feature of modern digital operating systems, and telecommunications infrastructure is no exception to these threats and incursions,” TSTT noted this week. “TSTT has continuously invested resources in the millions of dollars in its processes and IT infrastructure to protect its systems and the data it produces and stores.”

This expenditure alone, the increasing prevalence of these incidents, and the serious implications of breaches for privacy, security and constitutional rights suggest that while common, the public has a profound interest in safeguarding against such threats. They should be taken more seriously.

It is the Government that has, rightly, primed the population to play closer attention to this critical issue.

Finance Minister Colm Imbert’s recent budget sent a strong signal to private citizens that they need to act. Mr Imbert introduced a cybersecurity investment tax allowance of up to $500,000 for companies that incur expenses in relation to cybersecurity software and network security monitoring equipment. The measure will last from January 1, 2024, to December 31, 2025, and will result in an estimated tax loss of $8 million.

At the same time, the budget also outlines moves to push more people into online payments and to continue to bring more and more government services into the modern cyber age. The implications are broad, with potential transformation of the management of social services and access to and the provision of even health services.

The reports surrounding TSTT and a ransomware attack come after well-publicised disruptions in systems at the Office of the Attorney General and Ministry of Legal Affairs, as well as the Judiciary. To date, the public has not received any reassurances over the facts involved in any of these matters. That too is worrying. Citizens should be told if their private information has been breached.