John praises NIB on cyber attack response

The content originally appeared on: Trinidad and Tobago Newsday

The National Insurance Board (NIB) office on Harris Promenade was closed due to a ransomware attack. – Photo by Lincoln Holder

UNC deputy political leader Jearlean John praised the National Insurance Board (NIB) for the manner in which it handled that a cyber attack on Wednesday.

John also said the Opposition will keep an open mind with respect to cyber security legislation which Government plans to bring to Parliament.

She made these comments during the UNC’s final news conference for the year on Thursday.

In two separate statements on Wednesday, the NIB announced that it experienced a cyber attack and had engaged local and foreign experts for help.

The NIB said that “all steps are being taken to protect our data integrity and technology hardware.”

The company added, “We are also continuing to diligently work with our external technology partners expeditiously resolve this matter.”

The NIB said it reported the incident to the National Security Ministry’s TT Cyber Security Incident Response Team (TT-CSIRT) and is working with them toward a resolution.

She claimed the NIB’s approach was better than than taken by the Telecommunications Sservices of TT (TSTT) two months earlier when it experienced a cyber attack.

“They (NIB) have been upfront and said they have been hacked.”

John said to date, no one knows what was the cause of the cyber attack on TSTT.

Speaking in the Senate on November 7, Public Utilities Minister Marvin Gonzales said Government had mandated TSTT’s board to do a thorough and independent investigation.

The board, he continued, has taken steps towards facilitating the start of the probe.

Gonzales said, ” Additionally, TSTT is still in the process of evaluating all aspects of the attack, including the validation of all reported information in the public domain, that is the personal data of all our citizens, inclusive of members of the Cabinet and parliamentarians.”

That exercise is being done on a customer-by-customer basis.

As the results of the investigation become available, Gonzales promised “to provide further clarity on this ongoing situation to the national community.”

Asked whether the Opposition would support any proposed cyber security legislation that Government bring.

to Parliament, John reiterated that the UNC will always support legislation that is in the country’s best interest.

In the Senate on December 19, Attorney General Reginald Armour, SC, said laws to deal with cyber crime will be coming to Parliament soon.

He said his ministry is preparing “a cyber crime legislative package that will replace the existing Computer Misuse Act.”

Armour said, “The most notable legislative reforms include the advancement of computer-related crimes, seeking to protect against the involvement of our youth in this type of criminal activity and the need to streamline our laws with that of international legal advancements.”

He said the legislative package that will replace the Computer Misuse Act will “accommodate the robust criminalisation of cyber crimes through new advances of information and communication technologies.”

John said stronger legislation to thwart cyber criminals was just one part of the solution towards strengthening cyber security.

She suggested that public and private sector companies do regular reviews of their cyber security measures to ensure they are operating properly.

John added that cyber criminals often target entities which they feel have vulnerabilities in their cyber systems.

During a meeting of the Parliament’s Social Services and Public Administration Committee meeting on December 11, its members were told about 200 cyber attacks on public and private sector entities over the last five years and no legislation to define these incidents as crimes and help the authorities bring the perpetrators to justice.

Those testimonies came from members of TT-CSIRT and the police cyber and social media unit (CSMU).

CSMU head Supt Amos Sylvester said while there have been many cyber incidents, there are no specific laws which identify them as crimes.

“We depend largely on legislation (to act against criminals).”

Sylvester was unaware of anyone being charged for computer-related offences in the last three years.