No, Mr. Rohee, NCIRT is a functioning part of GoG’s cyber security architecture

Mar 10, 2019 AFC Column, Features / Columnists

---

Minister of Public Telecommunications, Cathy Hughes, took former Home Affairs Minister, Clement Rohee to task for his “hypocritical and disingenuous attempt to mislead the nation, to scare citizens and dissuade them from using Government’s online services”. The former Minister had wrongly assumed, and has accused the Government of disbanding the National Cyber Security Incident Response Team (NCIRT), leaving Guyana vulnerable to cyber-attacks.
Minister Hughes took the opportunity in her response to Mr. Rohee’s letter, to lay the mechanisms and architecture that are in place in the Cyber Security Division of the National Data Management Authority (NDMA).
Following is an abridgement of the Minister’s own letter of response.
“Mr. Rohee’s claim that former staffers of NCIRT were “Left jobless … [and] went off to seek their fortunes where their skills were needed”, is a blatant attempt to sow seeds of discord. The truth is that Mr. Rohee’s “small, but highly qualified team of computer experts, engineers and programmers” according to him, was made up of One Head, One Engineer, and One Technician. The Head abandoned NCIRT by tendering her resignation when she was informed of its merger with the NDMA. The Technician resigned two months after the merger. The Engineer remains on staff at the NDMA.
Permit me to enlighten Mr. Rohee and explain to the public how the Cyber Security framework functions. In recognition of the critical role that ICTs would play in the development of our country, President Granger in January 2016 established the Ministry of Public Telecommunications. This administration understood clearly that a concerted approach was needed to leapfrog Guyana into the digital age after 23 years of wastage and mismanagement of ICT initiatives. The latter was most noticeable in the failed US$5M Dense Wavelength Division Multiplex (DWDM) fibre cable that was landed at Lethem from Brazil in 2011. (Read article at https://www.kaieteurnewsonline.com/2014/12/10/brazilguyana-fibre-cable-project-collapses/ for a comprehensive background).
Then there was the USD32M e-Government network which was built by Huawei Technologies in 2012/3 but remained un-utilised as it began to deteriorate.
Thankfully, the e-Government network was salvaged when this coalition Government took office in 2015. However, that fibre optic cable landed from Brazil was so badly damaged from bad handling and poor installation that none of it could be salvaged.
The Ministry of Public Telecommunications is responsible for Internet governance, digital skills, digital promotion, digital entrepreneurship, e-Government, postal services, telecommunications, and cyber security. One of the first tasks we undertook in 2016 was to harmonize and rationalize Guyana’s ICT investments and operations, bringing all under the umbrella of the e-Government/National Data Management Authority (NDMA). Those initiatives included:
 The same NCIRT that Mr. Rohee claims is non-existent
 The One Laptop per Family project which was rebranded as the One Laptop per Teacher programme
 Construction of towers in certain communities
The e-Government Unit was merged in 2017 with the NDMA, a deliberate decision to advance our well-structured e-Government agenda. NDMA, created by an Act of Parliament in 1983, is mandated to inter alia see to the “establishment and maintenance of reliable communication linkages in the Public Sector in order to achieve optimal utilization and deployment of computer resources”.
So, after our inauguration in 2016, the MOPT (Ministry of Public Telecommunications), began to clean up the mess created by the previous administration and set out on a progressive path to digitizing this nation. We recruited over 100 ICT professionals including 70+ Engineers and Technicians, and we expended considerable effort and resources to:
1. Salvage and operationalize the e-Government network
2. Establish over 170 Community ICT Hubs (to date) which provide free Internet access to citizens across the country
3. Provide Internet access to over 300 educational institutions at the primary, secondary, tech/voc and tertiary levels
4. Provide secure connectivity to over 120 government agencies
5. Establish the Public Sector’s first IT Leadership Technical Working Group (TWG)
Of particular note is the fact that given our now expansive online presence, we anticipate an increased number of threats to the national ICT infrastructure, and we have taken several steps to mitigate and respond adequately. Our preparedness includes:
1. Establishment of a Cyber Security technical working group to create and promote standards, policies, guidelines and best practices for all other governmental bodies

2. Development of an incident reporting system to enable Government to provide resilient mechanisms to constantly assess and monitor Guyana’s cyber-threat landscape so that our available resources could be directed there

3.
a. Continually issue cyber security tips and guidelines on NCIRT’s and NDMA’s websites and social media platforms
b. Prepare and disseminate cyber security brochures in communities across Guyana
c. Implement web filtering mechanisms for safe online environments in schools and community hubs
d. Provide guidelines to public sector technicians to counter new and emergent cyber threats or attacks

4. Leveraging our international and regional partnerships with ITU, LACNIC, OAS-CICTE, IDB, Governments of India, China, Israel, and the USA to strengthen Guyana’s capabilities through multi-tiered training in areas including:
a. Type-specific network security
b. Unified Threat Management
c. Log Analysis
d. Security Awareness
e. Security Vulnerability Assessment
f. Incident Response and Threat Intelligence
g. Network Intrusion & Digital Forensics
h. Reducing Cybercrime
i. Security Strategy & Leadership

5. Establishment of our 24/7 cyber security and network operations centre to proactively monitor and respond to incidents on our network infrastructure. In these instances, the NCIRT team works closely with/advises entities and implements remediation measures.

All of these investments and programmes reflect our comprehensive approach to Government’s Management of Cyber Security, which is a far cry from the three-person team lauded by Mr. Rohee. It is clear that the former Minister does not understand the complexity of modern cyber architecture which is required to protect this nation.
In this era of politically motivated cyber-attacks, nothing can (or should) be ruled out.
NCIRT can be contacted by Telephone (592)-231-6860, email: [email protected], and through its website: https://cirt.gy.

---

---