Ex-execs head to court; Gonzales vows to follow law on TSTT cyberattack report

MINISTER of Public Utilities Marvin Gonzales said on January 27, his attorneys will respond to a letter from attorneys representing two former executives at the Telecommunications Services of Trinidad and Tobago (TSTT) over the report into the 2023 cyberattack on the company.

Attorneys representing ex-CEO Lisa Agard and ex-CFO Shiva Ramnarine raised concerns in a letter to the minister after he announced he received the report on January 23. Their attorneys have asked the minister not to make the findings public.

Gonzales told Newsday on January 26, his attorneys would be responding to the letter on January 27.

He also said he could not give a time for laying the report in Parliament, but suggested it would be done soon.

"There is a process for doing so (laying the report) which entails getting the approval of the Cabinet, which I plan on doing at the earliest opportunity."

He added, "The Government has a constitutional duty to comply with the law in the discharge of our executive functions. "Whatever legal avenues available to the Government to disclose the report in the public's interest, the Government intends to avail itself of those avenues."

However, attorney Karina Singh, who represents Agard and Ramnarine, said her clients are prepared to go to court to stop the report from being laid in Parliament.

In the letter to Gonzales, Singh said her clients were not given a fair opportunity to respond to possible criticisms and findings in the report. She also said they have not had sight of it.

She told Newsday on January 26, they expressed their concerns to the minister on January 23, but had not yet received a response.

“There has been an intentional withholding of the findings and contents of the report to deny us a fair opportunity to present our materials.

“If we are given that opportunity, many things would come out of that. It will be highlighted and they will be forced to go and review their findings.

“We have taken note of what is being said in the press and we are preparing to go to court if we do not hear anything from them by Monday. If they do go along those lines in publishing or laying the report, that is definitely going to be frowned upon by the court.”

The report was completed by Kudelski Security, a cybersecurity company that provides services to help clients protect their assets and reduce risk.

But Singh said there were two other reports done by security companies, Check Point and Cybereye.

“There are certain matters that the investigators (Kudelski Security) have addressed their minds to without consideration of the reports. Based on what was disclosed to us it is quite apparent that they have not been considered. So in the face of this, we are saying they cannot arrive at the findings and conclusions in their report and the potential criticisms that were made against our clients.”

Singh's letter to Gonzales warned against using disputed accounts of what took place which were "speculative and contradictory."

Accusing investigators of adopting a "closed mind" to information and her clients' concerns, Singh pointed to a position adopted by the security company which, she said, they did not accept as it directly impacted the integrity of the report.

On January 23, Gonzales said he intended to submit the report and its findings to the National Security Council and the appropriate joint select committee of Parliament.

The cyberattack on TSTT happened on October 9, 2023, but was only made known to the public weeks later. On October 30, 2023, Gonzales denied claims that TSTT was victim to a ransomware attack. TSTT then admitted to the attack.

Agard was dismissed as TSTT's CEO soon after Ramnarine had his contract terminated with immediate effect.