Govt Learned ‘Vital Lessons’ From Cyber Attack
“One year on, Bermuda stands more resilient, having learned vital lessons from the attack,” the Government said as they reflected on the first anniversary of the cyber attack.
A Government spokesperson said, “On the evening of Wednesday, September 20th, 2023, the Bermuda Government’s IT systems faced a cyberattack, causing significant disruptions through several key government services, affecting everything from digital payment processing to court operations and customs systems. Despite the widespread disruption, essential services like 911, police systems, and public services such as vehicle relicensing and education continued, albeit in a limited, manual capacity.
“As the Government endeavoured to contain the breach, details of the attack were kept tightly under wraps due to ongoing investigations. The nature of cybersecurity threats often requires a level of confidentiality to avoid exacerbating the risks or hindering the investigation.
“However, the focus was clear: recovery efforts took precedence, aiming to restore critical services and minimize disruption to public life. The process would take months, with internal IT teams working closely with external partners, including the UK’s National Cyber Security Centre, to rebuild the compromised infrastructure.
“During this critical period, the Government was careful to keep the public informed. Regular updates provided reassurance, although some sensitive details were held back to prevent further exploitation by malicious actors.”
Premier David Burt reflected on the incident, saying, “The cyberattack was an unprecedented challenge for Bermuda. It tested the resilience of our digital infrastructure and the strength of our response mechanisms.
“Despite the gravity of the situation, essential services remained operational. This incident has underscored the growing threats in the digital age and provided us with invaluable lessons.”
The Minister of National Security Michael Weeks also expressed his gratitude for the tireless work of public officers and IT professionals who had been on the front lines of the response. “Their dedication and expertise were instrumental in overcoming a deeply disruptive event,” he said. “In the year since the attack, Bermuda has taken significant steps to fortify its defenses, including the establishment of the Cybersecurity Incident Response Team [CSIRT] and the passage of new cybersecurity legislation.”
A Government spokesperson added, “Recognizing the increasing sophistication of cyber threats, the Ministry of National Security has built a dedicated cybersecurity unit in collaboration with the International Telecommunications Union and key stakeholders. This unit will spearhead the efforts of CSIRT, focusing on defending both public and private Critical National Infrastructure [CNI] entities. Moreover, Bermuda has taken steps to cultivate local cybersecurity talent. The newly formed cybersecurity unit is not only tasked with protecting the island’s digital landscape but also with offering training opportunities to Bermudians, reducing the island’s reliance on foreign providers and strengthening self-sufficiency in this crucial field.
“Legislative efforts have also been a priority. The Government is working with the Council of Europe to update Bermuda’s Cyber Crime legislation, aligning it with the Budapest Convention on Cyber Crime. These new laws, currently in draft, will enhance the island’s ability to investigate and prosecute cybercrimes, while fostering international cooperation.
“Public awareness has played a key role in Bermuda’s response to the cyberattack. Campaigns have been launched to educate the public, particularly vulnerable groups like seniors and schoolchildren, about the dangers of cyber threats such as phishing and fraudulent communications. These efforts aim to build a more informed, secure community, with the Premier emphasizing, “Our experience has deepened our understanding of cybersecurity, and we are committed to using these insights to fortify our defences.
“The Bermuda Government is making solid progress in stabilizing and enhancing the environment by upgrading systems and services, increasing staff to address shortages, and actively identifying, evaluating, and mitigating potential security threats and vulnerabilities on an ongoing basis. This approach ensures that the Government’s security measures are continuously strengthened, keeping the environment protected from emerging risks such as cyberattacks, data breaches, or system failures. Additionally, enhanced system monitoring has been implemented to further support these efforts.”
A Government spokesperson added, “One year on, Bermuda stands more resilient, having learned vital lessons from the attack. As the Government continues to develop and enhance its cybersecurity framework, it remains focused on protecting the island’s digital infrastructure and preparing for future challenges in the ever-evolving landscape of cyber threats.”
Read More About
Category: All, News, technology
A whole bunch of nothing, except to highlight the failures of the IT system despite the Premier being an IT expert. A year on and still it is too secret to inform the public how much personal information was taken, and if a ransom was paid. Must be very embarrassing to well placed people for such secrecy.
Government systems have been hacked for years. Mr. IT & BPS were informed of a previous hack traced by IP address to Pakistan. The big hack last year was just the most obvious one. People have a right to full Government disclosure but do not expect to see it. Just remember, no one in Government at any level was fired. No overly paid outside security consultant was fired. The automatically electronically deposited paychecks will keep coming to everyone who failed us.
“One year on, Bermuda stands more resilient, having learned vital lessons from the attack,”
Thank you for that platitude, but what “vital lessons” have been learned?
Telling the public that “Bermuda stands more resilient, having learned vital lessons from the attack” is nice, but entirely uninformative.
This was just a puff piece. We want to know what happened, what caused it, have the vulnerabilities been identified and secured from ever happening again. Was any data taken and how much did it cost the government in terms of a ransom.
Blah, blah, blah. Pablum for the ears.
“what “vital lessons” have been learned? ” Hmmm, how to spin a crisis into media snippets. Effectively avoid reporting details. Not acknowledging that Mr. IT & BPS was warned about Government systems being hacked before and did nothing to prevent another attack, never mentioning the name of our CIO and not having him attend briefings… yada, yada, yada. We all got paid for our incompetence and no one was fired. heh, heh, heh. Now, pat us on our backs for being great.
SO WHAT REALLY HAPPENED…..WE STILL DON’T KNOW!!
Just a suggestion. Submit a PATI request for the information and see what happens.
HILARIOUS!
This reads like a Government statement. Patting themselves on the back for updating what should have been in place.. If this was the private sector they would have all been jobless..