Expert warns govt IT structure ‘fragile’, prone to failure

eekly paid Sanitation Service Authority (SSA) workers briefly walked off the job on Friday after delayed wages—caused by a government IT system crash—left them unpaid.

It was not immediately clear how many weekly-paid public officers had difficulty getting their wages electronically as government services across multiple ministries ground to a halt this week, exposing critical vulnerabilities in the state’s IT infrastructure.

 

The disruption, which also crippled email communications, prompted the National Union of Public Workers (NUPW) to raise alarm over the security of public officers’ sensitive data.

Reacting to the development, a private sector cybersecurity expert also chided the government for “unnecessarily” exposing its major operations to widespread disruptions by consolidating all ministries on a single computer mail server.

 

The Ministry of Industry, Innovation, Science and Technology (MIST) reported that the issue arose after “a critical piece of infrastructure was damaged”, shutting down services such as government email and several websites. It did not provide any details.

Public e-services offered by the International Business Unit in the Ministry of Energy and Business were also affected, with its email systems, the Corporate and Intellectual Property Office’s (CAIPO) payment services and the EZ-PAY payment portal rendered unavailable.

 

General Secretary of the NUPW Richard Greene said the SSA wages issue was resolved after management manually processed the payments.

“My understanding is that there was a system failure within the Ministry of Innovation, Science and Technology, resulting in the IT system not performing as it was designed to. Because of this, many of the functions within the public service, which rely on this system, failed,” Greene told Barbados TODAY.

 

“We witnessed officers unable to access their email, which is a primary part of their work. This disrupted many of our members’ job functions,” he explained.

Elaborating on the SSA issue, Greene noted that their payroll system depends on the affected IT system, which caused the wage delay.

 

“Subsequent to that . . . we received notification from the SSA that they were able to upload the money to CIBC [bank] manually. This was later confirmed by the shop steward and SSA workers that the funds had reached their accounts,” he reported.

 

Greene said he had not received any further complaints about delayed wages. However, he expressed serious concerns about cybersecurity in the public service.

 

“We are deeply concerned about the possibility of workers’ private and confidential information falling into the wrong hands,” he warned. “Cybersecurity is an issue for us in ensuring personal information does not enter public domains.”

Greene added that the union will monitor the ministry’s actions to ensure promised measures to improve IT system security are implemented.

 

The MIST said it is working to resolve the issue promptly and apologised for the inconvenience caused.

 

But, Steven Williams, former cybersecurity adviser to the government’s Law Review Commission, called for urgent reforms. He said the government’s current IT setup lacks resilience and exposes operations to unnecessary risk.

 

“No situation should arise where the majority of government emails are on one mail server or one domain. If the domain barbados.gov.bb is attacked, it compromises most of the government’s email communications, which are often linked to other critical services,” Williams told Barbados TODAY.

 

He attributed the problem to cost-saving measures, criticising the government for consolidating digital communications.

“That should not be the case in 2024,” Williams added.

The cyber security expert highlighted Barbados Port Inc. as a model for robust IT systems, praising its technical resources and resilience.

 

“The government needs to build redundancy into its systems, assess where they should be, and address their vulnerabilities. More importantly, they must avoid having a simple outage bring operations to a grinding halt, as not everything is a hack,” he advised.

 

Williams, the principal consultant at Data Privacy and Management Advisory Services, insisted that whether the issue is a cyberattack or another disruption, it should not paralyse government operations.

 

Cheques made payable to the Permanent Secretary in the Ministry of Energy and Business will be accepted by the International Business Unit at its offices on the 8th Floor, Baobab Tower, Warrens, St Michael, said the ministry in a statement, making an apology for the inconvenience caused by the disruption.

emmanueljoseph@barbadostoday.bb