A serious breach of Guyana’s national security

Feb 26, 2019 Letters

---

DEAR EDITOR,

What appeared to be a small matter but in fact was a serious breach of Guyana’s national security, occurred recently at a vital state-owned enterprise.
The case in point is Guyana Power and Light (GPL). The corporation was the victim of a cyber attack on its computerized systems. The attack took place in earlier this month.
Interestingly, the mainstream press did not carry the story which it should have, save for the state-owned Guyana Chronicle that ran the story under the headline; “Cyber-attack on GPL Information Systems.”
According to a GPL press release:
‘On Wednesday (February 6, 2019) at about 04:21 hours, the company experienced a cyber-attack on its computerized systems.’ The statement emphasized: ‘The perpetrators of this act requested a ransom of bitcoins (digital money) to remove all encryptions from within the network. GPL has not heeded to, and will not heed to, any such ransom.’ The statement concluded: ‘It is therefore fitting to advise and encourage all local companies with computerized systems to review their existing cyber security systems and disaster recovery plans as well.’
Is this stale news? In my view it is not.
Neither the date of the GPL release nor when the attack took place matters. What really matters is the nature, relevance and significance of the attack.
During the last PPP/C government, cabinet approved the establishment of a National Computer Incident Response Team (NCIRT) to be attached to the then Ministry of Home Affairs.
The NCIRT was housed in a government-owned building at Ogle. It was equipped with the necessary ICT hardware and software. A small, but highly qualified team of computer experts, engineers and programmers were hired to staff NCIRT.
Staffers at NCIRT were sent abroad for advanced professional training and to participate at international seminars, workshops and conferences.
Capacity building and institutional strengthening was moving apace, so much so that NCIRT won international acclaim at the OAS and the Commonwealth Secretariat sections treating with cybersecurity matters in member states.
Domestically, although much more work was needed, NCIRT, over the short period of its existence, had built up sufficient institutional and human resource capacity to support and assist government agencies and departments, as well as private sector entities, to fight off computer hacking and/or cyber attacks.
With the advent of the APNU+AFC coalition to office, and in pursuit of its mantra, ‘Time For Change’, NCIRT was denuded of its technological and human resources, thus rendering it obsolete, and a useless unit attached to the then Ministry of Home Affairs.
Subsequently, NCIRT was disbanded.
Left jobless, the NCIRT staff went off to seek their fortunes where their skills were needed.
At one of the parliamentary sub-committee meetings to consider the draft Cyber Security Bill, Mr Khemraj Ramjattan was asked about NCIRT. In response, the Public Security Minister feigned ignorance of its existence insisting he knew nothing about that.
So much for government’s commitment to public and national security in these times when cyber security has emerged as a global challenge requiring a global response, and where no one country can operate in a vacuum.
Cybercrime is a subset of Cybersecurity, they differ from traditional security and criminal activities, and require completely different responses and investigations.
Cybersecurity is already a major security challenge for the 21st century. And it is good that GPL has recognized this and has made a wakeup call to other public and private entities.
Passing cyber crime legislation is one thing, but to effectively enact the provisions on the basis of the regulations is a completely different matter.
The GPL release, while claiming that no ransom of bitcoins was paid, made no mention whether their investigations resulted in the apprehension of the culprits and whether their case was successfully prosecuted.
But what is of great significance in this entire episode is that it brought to light the fact that here in Guyana there already exists, an entry point for payment by way of bitcoins as ransom for cyber attacks on vital and critical points.
In other words, whether the attack originated from here in Guyana or overseas, it is now factual that Guyana is exposed to cyber attacks and that ransom payments are demanded in bitcoins. This is new to Guyana.
This begs the question whether there exists here in Guyana safe havens for international cyber criminal networks that are hosted by local counterparts. This would pose a serious threat to national security and raises more questions than answers.
The disbandment of Guyana’s national CIRT was a big mistake by the Granger administration. It has left Guyana exposed to cyber attacks as a nation.
Penetration and attacks by cyber criminals behind the ‘Dark Web’ on key and critical installations such as our ports, airports, banks and insurance companies, strategic government agencies and departments, revenue authority, the NIS, GECOM, hospitals, military and national security installations, place all at risk of suffering similar attacks, as was the case at GPL.
Steps must be taken to build partnerships at home and abroad. Encouragement must be given to set up digital crime units. And a National Computer Incident or Emergency Response Team or Unit, staffed with highly qualified professionals is a sine qua non to stave off imminent cyber-attacks on computerized systems wherever the vulnerability may exist.

Yours faithfully,
Clement J. Rohee

---

---