Legislation Aims To Strengthen Cybersecurity
“I will table the Cybersecurity Act 2024 and the Computer Misuse Act 2024,” Minister of National Security Michael Weeks said in the House of Assembly today [May 3], adding that “these are two important pieces of legislation aimed at strengthening our cyber posture in Bermuda.”
The Minister said, “The September 2023 cyberattack on the Bermuda Government was unprecedented and severely tested the Government’s resilience and ability to maintain its business continuity. The cyberattack highlighted the need for the legislation that will be tabled today. Moreover, the attack fortified the Government’s commitment to ensure that Bermuda’s policies, legislation, and capabilities around cybersecurity and cybercrime align with our objective of being a premier financial technology jurisdiction, and that those policies and legislation support our increasing reliance on technology for daily life and day to day operations in Bermuda.
“The Cybersecurity Act 2024 is new legislation that will support the Government’s aims through:
- Formally establishing a Cybersecurity Advisory Board to advise the Government on matters related to cybersecurity;
- Designation of Critical National Information Infrastructures and the enforcement authorities responsible for ensuring the entities follow best practices in the cybersecurity arena; and
- Designation of the Cybersecurity Unit within the Ministry of National Security Headquarters as the National Cybersecurity Incident Response Team.
“The Computer Misuse Act 2024 will also be tabled today. The Act repeals and replaces the current Computer Misuse Act. It is the first in a series of legislation that will be amended and updated to place Bermuda in position to meet the stipulations of the Budapest Convention on Cybercrime. ”
The Minister’s full statement follows below:
Mr. Speaker, I wish to advise this Honourable House that later today I will table the Cybersecurity Act 2024 and the Computer Misuse Act 2024. These are two important pieces of legislation aimed at strengthening our Cyber posture in Bermuda.
Mr. Speaker, as far back as 2018, the Speech from the Throne recognized that Bermuda’s economic fortunes and potential for growth must be safeguarded by a secure infrastructure and a strong cybersecurity framework. Honourable Members will recall that the 2021 Speech from the Throne promised to introduce a Cybersecurity Act to establish the appropriate standards of cybersecurity for Bermuda’s critical assets such as energy supply, telecommunications and government data.
Mr. Speaker, since that Throne Speech promise, technical staff within the Ministry of National Security and the Attorney General’s Chambers, in collaboration with the Cybersecurity Governance Board, have worked diligently to progress the legislation. Honourable Members can appreciate that cybersecurity is a relatively new concept. Many of the larger jurisdictions in the Commonwealth, and several comparable jurisdictions in the Caribbean, have not yet developed cybersecurity legislation, or have legislation that is in its infancy stages. That has made it even more critical for Bermuda to allow adequate time for stakeholder consultation and extensive research on best practices in cybersecurity that would benefit the development of this legislation.
Mr. Speaker, Honourable Members will recall that the September 2023 cyberattack on the Bermuda Government was unprecedented and severely tested the Government’s resilience and ability to maintain its business continuity. The cyberattack highlighted the need for the legislation that will be tabled today. Moreover, the attack fortified the Government’s commitment to ensure that Bermuda’s policies, legislation, and capabilities around cybersecurity and cybercrime align with our objective of being a premier financial technology jurisdiction, and that those policies and legislation support our increasing reliance on technology for daily life and day to day operations in Bermuda.
Mr. Speaker, the Cybersecurity Act 2024 is new legislation that will support the Government’s aims through:
- Formally establishing a Cybersecurity Advisory Board to advise the Government on matters related to cybersecurity;
- Designation of Critical National Information Infrastructures and the enforcement authorities responsible for ensuring the entities follow best practices in the cybersecurity arena; and
- Designation of the Cybersecurity Unit within the Ministry of National Security Headquarters as the National Cybersecurity Incident Response Team.
Mr. Speaker, the Cybersecurity Unit is responsible for development of the Government wide cybersecurity programme and supports oversight of the security posture of Government departments. When fully staffed, the Unit will also monitor threats to Critical Information Infrastructures within Bermuda and offer assistance to outside agencies to help improve their abilities to protect against, respond to, and recover from cybersecurity events. Funding for staffing has been allocated for the current fiscal year, and recruitment to fill two new posts for the Unit will begin soon.
Mr. Speaker, the Computer Misuse Act 2024 will also be tabled today. The Act repeals and replaces the current Computer Misuse Act. It is the first in a series of legislation that will be amended and updated to place Bermuda in position to meet the stipulations of the Budapest Convention on Cybercrime. In the coming months, this Honourable House can also expect to consider legislative amendments to the Electronic Communications Act and the Criminal Code. These amendments will strengthen our laws on cybercrime and provide the Bermuda Police Service and the Department of Prosecutions with the legislative tools needed to effectively investigate and prosecute cybercrimes.
Mr. Speaker, getting this legislation right has been a priority of the Government. As promised in the 2023 Speech from the Throne, the Cybersecurity Act 2024 being tabled today incorporates the lessons learned from the cyberattack. We have taken the time to ensure that the legislation can be enacted and enforced in a way that it ensures adequate protection, but does not unduly burden those entities, organisations and individuals that it is meant to protect.
Mr. Speaker, in closing I would like to note that this legislation is an example of the Ministry of National Security delivering on its mission to “Keep Bermuda Safe.” While cyberattacks and cybercrime do not typically result in physical harm, the financial and emotional havoc caused is tangible. The Government is committed to defending against cyber threats whenever possible and responding to cybercrime with the full force of our updated legislation.
Thank you, Mr. Speaker.
Read More About
Category: All, News, Politics, technology
What a joke. Mr. Big IT is the ultimate head of Government IT and refuses to explain the who, what, where, and when of the cyberattack. The BPS and Mr. Big were informed of a hack of the Government email system by someone using a foreign IP address in Dec 2021. Countermeasures were suggested and ignored. Bermuda’s CIO, Mr. Nameless, who was an IT project manager before being hired, is nowhere to be found in any news stories. Does he still have a job? Why was no one fired?
How much money was paid out to cybersecurity consultants and what did Bermuda get for the money?
Clowns to the right of us, clowns to the left – here we go again stuck with the bills…