Attorney General: New cyber security laws coming

ATTORNEY General Reginald Armour, SC, said new laws to deal with cyber crime will be coming to Parliament soon.

He made this comment in his contribution to the debate on the Finance Bill 2023 in the Senate on Tuesday.

Armour praised Finance Minister Colm Imbert for introducing the bill of a cyber security investment tax allowance to companies that "incur expenditure in respect of investments made in cyber security software and network security monitoring equipment, up to a maximum of $500,000."

He said, "We cannot underestimate the value of that allowance providing an incentive to continuing to build out our cyber security."

Armour said for companies to access this allowance, their expenditure must be certified by IgovTT.

"Cyber security is an area of increasing importance in an era of globalisation and the rise of threats from cyber attacks on businesses and governments."

He said his ministry is preparing "a cyber crime legislative package that will replace the existing Computer Misuse Act."

Armour said, "The most notable legislative reforms include the advancement of computer-related crimes, seeking to protect against the involvement of our youth in this type of criminal activity and the need to streamline our laws with that of international legal advancements."

He said the legislative package that will replace the Computer Misuse Act will "accommodate the robust criminalisation of cyber crimes through new advances of information and communication technologies."

Armour said, "This is being prudently operationalised while allowing for the proposed amendments to take into consideration our anticipated international commitments."

He told senators, "These measures will support the ongoing anti-money laundering, detection and flagging initiatives, red flagging that is, as it can support the efforts of financing institutions in identifying suspicious patterns or anomalies in financial transactions."

Armour said Independent Senator Dr Paul Richards was particularly passionate about the need to deal with cyber crime.

Richards is the chairman of the Parliament's Social Services and Public Administration Committee, which held a public inquiry about recent cyber attacks on December 11.

At that meeting, committee members were told about 200 cyber attacks on public and private sector entities over the last five years and no legislation to define these incidents as crimes and help the authorities bring the perpetrators to justice.

Those testimonies came from members of the National Security Ministry's Cyber Security Incident Response Team (TT-CSIRT) and the police cyber and social media unit (CSMU)

CSMU head Supt Amos Sylvester said while there have been many cyber incidents, there are no specific laws which identify them as crimes.

"We depend largely on legislation (to act against criminals)."

The only legislation which deals directly with computer-related offences is the Computer Misuse Act 2000.

Sylvester lamented this law "never had the sight of the kinds of (computer/cyber) crimes that we are seeing now."

He added that since 2009, efforts to strengthen this legislation have been unsuccessful.

Sylvester was unaware of anyone being charged for computer-related offences in the last three years.