CYBER RISK

Local consultant warns of lurking danger of attacks; says critical agencies should be protected

By Jenique Belgrave

This island’s critical infrastructure, including its water, health and food systems, are at high risk of cyber threats, says Data Privacy and Management Advisory Services Principal Consultant Steven Williams.
“If I have to say a level exposure out of 10, I would probably say that our risk is around seven or eight,” he said, while speaking to the media on Thursday afternoon at Hilton Barbados on the recent cyberattacks that severely-impacted services at the island’s main medical institution and a credit union.
Identifying the airport, Barbados Port Authority, Barbados Water Authority (BWA), Queen Elizabeth Hospital (QEH) and other vital agencies as critical infrastructure, he said the largest cybersecurity concern for Barbados must be the protection of these entities.
He suggested that information be shared within this group to create a common baseline upon which to build more resilience.
“I think the biggest problem is that we aren’t communicating or talking. So the hospital isn’t talking to the port, the port isn’t talking to (Barbados) Light & Power and are they talking to the BWA about cybersecurity? No. We need a critical infrastructure summit, where we sit down and say, ‘this is where we are in terms of risk’…We need to get to a common baseline,” he said.
WIlliams also raised serious concerns about the interconnectivity of some critical systems.
“Look at the electric company. Whenever the electric company goes offline, so does the water. So that’s a domino effect. We need to find a way to mitigate that risk. Why should electricity go off and I can’t drink water? The water goes off and that puts the hospital in jeopardy if the hospital’s water system does not have a back up. We must have more resilience than saying one institution can take the whole country down,” he said.
Williams who was the guest speaker at the Rotary Club of Barbados’ weekly meeting said the government should move to have critical infrastructure legislation and a security operation centre protecting these networks.
“In terms of the hospital and any data going into the hospital, it must be scanned, cleaned and then monitored, not to see what sort of information is there, but monitored to see where the traffic is likely to come from and who it is likely to be,” he added.
He suggested that the government re-establish the Computer Emergency Response Operations. This, he said, would maintain an important step as the staff of this department would be dedicated to responding to threats.
Questioned on concerns surrounding identity theft as some Barbadians continue to express concerns over the Electoral Boundaries Commission posting online the eligible voters’ list ahead of the January 2022 elections, the consultant advised persons to look at ways of protecting their identities.
“I think citizens right now should be a little bit more nuanced and go beyond antivirus and look at solutions that manage and protect their identity, because no one can say for sure that the information that has been published under the Electoral Commission’s election list is not being used to compromise citizens in some way. We don’t know. The fact is no one can prove either way. All we can do is to go forward from there and know that if it’s a possibility, it’s a risk,” he stated.
The list contained the names, addresses, dates of birth, gender and national registration numbers of over 200,000 residents.
jeniquebelgrave@barbadostoday.bb