Dear Editor,
What appeared to be a small matter but in fact was a serious breach of Guyana’s national security occurred recently at a vital state-owned enterprise.
The case in point is the Guyana Power and Light (GPL). The corporation was the victim of a cyberattack on its computerized systems.
The attack took place in early February this year.
According to a GPL press release:
‘On Wednesday (February 6, 2019) at about 04:21 hours, the company experienced a cyber-attack on its computerized systems.’
The statement emphasized:
‘The perpetrators of this act requested a ransom of bitcoins (digital money) to remove all encryptions from within the network. GPL has not heeded to, and will not heed to, any such ransom.’
The statement concluded:
‘It is therefore fitting to advise and encourage all local companies with computerized systems to review their existing cyber security systems and disaster recovery plans as well.’
Is this stale news? In my view it is not.
Neither the date of the GPL release nor when the attack took place matters. What really matters is the nature, relevance and significance of the attack.
During the last PPP/C government, cabinet approved the establishment of a National Computer Incident Response Team (NCIRT) to be attached to the then Ministry of Home Affairs.
The NCIRT was housed in a government-owned building at Ogle. It was equipped with the necessary ICT hardware and software.
A small, but highly qualified team of computer experts, engineers and programmers were hired to staff NCIRT.
Staffers at NCIRT were sent abroad for advanced professional training and to participate at international seminars, workshops and conferences.
Capacity building and institutional strengthening was moving apace so much so that NCIRT won international acclaim at the OAS and the Commonwealth Secretariat sections treating with cyber security matters in member states.
Domestically, although much more work was needed, NCIRT over the short period of its existence, had built up sufficient institutional and human resource capacity to support and assist government agencies and departments as well as private sector entities to fight off computer hacking and/or cyber attacks.
With the advent of the APNU+AFC to office, and in pursuit of its mantra, ‘Time For Change’ NCIRT was denuded of its technological and human resources thus rendering it obsolete and a useless unit attached to the then Ministry of Home Affairs.
Subsequently, NCIRT was disbanded.
Left jobless, the NCIRT staff went off to seek their fortunes where their skills were needed.
At one of the parliamentary sub-committee meetings to consider the draft Cyber Security Bill, Mr Khemraj Ramjattan was asked about NCIRT. In response, the Public Security Minister feigned ignorance of its existence insisting he ‘knows nothing about that.’
So much for government’s commitment to public and national security in these times when cyber security has emerged as a global challenge requiring a global response and where no one country can operate in a vacuum.
Cyber crime is a subset of CyberSecurity, they differ from traditional security and criminal activities, and require completely different responses and investigations.
CyberSecurity is already a major security challenge for the 21st century.
And it is good that GPL has recognized this and has issued a wake-up call to other public and private entities.
Passing cyber crime legislation is one thing, but to effectively enact the provisions on the basis of the regulations is completely different matter.
The GPL release, while claiming that no ransom of bitcoins was paid, made no mention whether their investigations resulted in the apprehension of the culprits and whether their case was successfully prosecuted.
But what is of great significance in this entire episode is that it brought to light the fact that here in Guyana there already exists, an entry point for payment by way of bitcoins as ransom for cyber attacks on vital and critical points.
In other words, whether the attack originated from here in Guyana or overseas, it is now factual that Guyana is exposed to cyber attacks and that ransom payments are demanded in bitcoins. This is new to Guyana.
This begs the question whether there exists here in Guyana safe havens for international cyber criminal networks that are hosted by local counterparts.
This would pose a serious threat to national security and raises more questions than answers.
The disbandment of Guyana’s national CIRT was a big mistake by the Granger administration. It has left Guyana exposed to cyber attacks as a nation.
Penetration and attacks by cyber criminals behind the ‘Dark Web’ on key and critical installations such as our ports, airports, banks and insurance companies, strategic government agencies and departments, revenue authority, the NIS, GECOM, hospitals, military and national security installations are all at risk of suffering similar attacks as was the case at GPL.
Steps must be taken to build partnerships at home and abroad. Encouragement must be given to set up digital crime units. And a National Computer Incident or Emergency Response Team or Unit, staffed with highly qualified professionals is a sine-qua-non to stave off imminent cyber attacks on computerized systems wherever the vulnerability may exist.
Yours faithfully,
Clement J. Rohee
Former Minister of Home Affairs