Minister: ‘Cybersecurity Is A Priority For Govt’
“Cybersecurity is a priority for the government and indeed for Bermuda,” Minister of National Security Wayne Caines said in the House of Assembly today [July 20] as he provided an update on progress in the areas of cybersecurity and cyber safety.
The Minister’s full statement follows below:
Mr. Speaker, I rise to advise this Honorable House of Bermuda’s continued progress in the areas of cybersecurity and cyber safety.
Mr. Speaker, in June, I shared an update on the progress of the Bermuda Cybersecurity Strategy development and encouraged participation in the consultation process to validate elements of that strategy. This work is important because cybersecurity is a priority for the government and indeed for Bermuda. It is imperative because of our work towards becoming a leading fintech jurisdiction. It is critical because of our significant financial and reinsurance sectors. It is vital because the government and the Island’s organisations are trusted with valuable business and personal information.
Mr. Speaker, securing this information and the systems that store it is central to Bermuda’s standing as a globally-trusted, blue chip jurisdiction. As we continue to make strides in developing digital ledger technologies and integrating them within our society and economy, we become a greater target for cybercriminals. One attack could have catastrophic consequences for any local company’s reputation and finances, and may take years to recover from. As the Government of Bermuda holds critical and sensitive information of every Bermudian, resident and international stakeholder, we are a target for any and all cybercriminals.
As such, Mr. Speaker, the Public Service has worked to ensure that users of the government networks are educated on cybersecurity and safety on a bi-monthly basis. Ninety-two percent of assigned courses have been successfully completed to date. Users have received training in phishing, social media, and password security. We are now gearing up for the next topic – privacy principles.
Mr. Speaker, the Identity Theft Resource Centre [ITRC] reported that there were more than 174 million records compromised in 1,293 data breaches in 2017 alone; which is 45% higher than the amount of breaches in 2016. The trend has only continued. In January, Aetna, a US-based insurance provider, had to pay $17 million in a settlement after violating the privacy of 12,000 of their customers. In March, a hacking ring attacked the networks of 144 US universities, causing $3.4 billion worth of damages. The Government and private Bermuda companies must ensure there are protections and plans in place against these and other types of cyber-attacks.
Mr. Speaker, as recently as 2016, Bermuda-based organisations indicated their interest and desire for guidance and training on cybersecurity standards and practices. In particular, cybersecurity incident response and recovery were areas identified as needing to have strong plans in place. These organisations understand that without a foundation of strong cybersecurity, cybercriminals can exploit vulnerabilities within every organisation. In response, we partnered with NIST, the US National Institute of Standards and Technology, to provide training on the Cybersecurity Framework in September 2017 and on the Risk Management Framework in March of this year.
Ensuring that we have sufficient and suitably qualified personnel to implement and validate cybersecurity plans and strategies is necessary to provide assurance of effective security. However, this must constantly evolve to keep up with the sophistication of today’s cyber-attackers. The proactive investment in cybersecurity can save us from billions of dollars of losses in the future.
Mr. Speaker, Bermuda’s cybersecurity strategy has been crafted through the collaboration of the Cybersecurity Working Group, consisting of local public and private sector IT and security professionals and chaired by Mr. Ronnie Viera, and the Commonwealth Telecommunications Organisation, or “CTO.” The CTO has extensive involvement with numerous countries and has worked in collaboration with governments, ministries, regulators and private sector representatives on national cybersecurity strategies. The CTO has assisted the Department of ICT Policy & Innovation and the Cybersecurity Working Group in conducting consultation workshops, developing the draft Bermuda Cybersecurity Strategy, and validating the resulting strategy.
The draft Bermuda Cybersecurity Strategy reflects the needs and goals of the jurisdiction. The strategy development and consultation processes have ensured that the strategy is robust and considers the Island’s particular strengths and ambitions related to both cybersecurity and cyber safety. The strategy will soon be presented to Cabinet. However, we have not waited for the ink to dry as there are a number of initiatives to encourage safe and secure cyber practices taking place.
The Department of ICT Policy and Innovation and the Cybersecurity Working Group are currently evaluating the Cyber Essentials scheme. Cyber Essentials aims to help organisations implement basic levels of protection against cyber-attack, demonstrating to their customers that they take cybersecurity seriously. Another element being immediately pursued is a national Computer Security Incident Response Team [CSIRT] assessment, which is considered an important pillar of cybersecurity. Additionally, Incident Response and Recovery training will be offered before the end of the year.
Mr. Speaker, to mitigate the risks of attacks, in October 2017, the Cabinet approved a policy that directed the Government of Bermuda to implement and maintain an Information Systems Risk Management Programme aligned with industry leading standards. This programme ensures that resources, roles, responsibilities and accountability for the protection of sensitive information and critical systems within the Government are appropriately assigned. The Cybersecurity Cabinet Committee provides oversight of the programme to ensure that accountability for due care is maintained. In addition, the Information Systems Risk Management Committee within the Public Service guides the implementation of the Programme to ensure that the Cybersecurity threats and vulnerabilities that could potentially impact our nation are identified and addressed.
Mr. Speaker, under the Information Systems Risk Management Programme, government IT and policy professionals received training in the Factor Analysis of Information Risk [FAIR] method. FAIR is the only international standard quantitative model for information security and operational risk. It provides professionals with a reliable model for understanding, analyzing and quantifying information risk in financial terms.
Mr. Speaker, within the Department of ICT Policy and Innovation, the Cybertips Initiative continues to be Bermuda’s leading source of information on internet safety and security. The team provides community workshops; giving practical tips, resources and tools to users of the various technologies in order to safeguard them against online dangers, inappropriate content, potentially harmful behaviours, and cyber-attacks.
The Cybertips team also routinely visits schools, youth organizations and numerous community events. The team has spoken to thousands of students, parents, educators, youth groups and seniors. In May 2018, Cybertips hosted Bermuda’s first Digital Leadership Conference which saw the participation of over 650 of Bermuda’s middle and high school students. They gathered on May 7th, to discuss the importance of digital citizenship and learn how they as young people can help combat the current “epidemics” of cyberbullying, sexting and the proliferation of online sexual images.
Mr. Speaker, the Ministry of National Security and the Department of ICT Policy & Innovation partners with the Bermuda Police Service, the Child Safeguarding Committee, Child and Family Services, the Department of Public Prosecutions, SCARS, the Family Centre, the RAP Project, the Internet Watch Foundation and a number of other organizations, both locally and internationally, to bring the most up to date, innovative and media rich educational tools to Bermuda through the Cybertips Initiative.
Mr. Speaker, a solid cybersecurity strategy is meant to underpin the country’s progress. We are using a multi-pronged approach to make sure that we have a safe and secure cyber environment to work, pursue education, play and socialise. Cybersecurity and cyber safety has bearing on our reputation and on our well-being. In this connected world, we want our residents and businesses to be prepared to handle the cyber-threats they may encounter while still reaping the benefits that the various technologies have to offer.
Thank you, Mr. Speaker.
Read More About
Category: All, Business, technology
Sorry but the Bermuda government are way behind the private sector in this regard, Millions have been spent (and are being spent to secure ) by businesses to protect their customers data.
Then we have the government who needed to be told that their email system had been hacked and were sending spam emails.