Mr. Speaker,
In our increasingly digitized world, we are ever more dependent on the Internet and Information Technology to process our sensitive information and support critical services. These technologies represent significant economic and social opportunities for Bermuda. However, they also represent increasing risks that we must address. The cyber threats we face continue to increase in frequency and sophistication, with potentially devasting effects.
Mr. Speaker,
Around the globe many public and private sector organizations have faced damaging cyber-attacks. Municipal Governments, including the cities of Baltimore, Atlanta, and New Orleans, have experienced cyber-attacks that disrupted city services, and required millions of dollars for recovery. As a result of a cyber attack on its systems, the city of San Franciso was locked out of its own network by a rogue IT staff member.
Mr. Speaker,
In 2022, Costa Rica was targeted by a series of cyber-attacks that are estimated to have cost more the $30 million dollars per day, and required the Government to declare a state of emergency. There have even been incidents of Cloud Service Providers and Hospitals closing after being targeted by devastating cyber-attacks.
Mr. Speaker,
These incidents demonstrate the extreme threat that cyber attacks represent to all of society. We must continue to identify and understand the cyber threats we face and implement adequate protections against them. This must include the ability to detect, respond to, and recover from cyber-attacks.
Mr. Speaker,
The Ministry of National Security has been working diligently to help ensure that Bermuda has adequate capabilities to defend against cyber threats. After conducting an assessment and capacity building workshop with the International Telecommunications Union and Bermuda Critical Infrastructure stakeholders, the Ministry developed a plan and structure for a dedicated cybersecurity unit. When this unit is operational, it will establish and operate the Bermuda Cybersecurity Incident Response team. The unit will also provide specialized cybersecurity resources and capabilities to support the protection of Bermuda Critical National Infrastructure entities within both the public and private sectors.
Mr. Speaker,
In addition to providing on island cyber defense resources and capabilities, the unit will also provide cybersecurity training and opportunities for Bermudians to gain experience and skills in the important and growing field of cybersecurity. We must develop our local resources and capabilities in this area to avoid becoming overly dependent on overseas vendors, contractors, and service providers.
Mr. Speaker,
The Ministry of National Security, in close collaboration with local stakeholders and experts from the Council of Europe, developed a plan to update Bermuda’s Cyber Crime related legislation to align with requirements of the internationally recognized Budapest Convention on Cyber Crime. The Budapest Convention on Cybercrime is a multilateral treaty that promotes international standards and cooperation for the prevention, and prosecution, of cybercrime. Sixty-eight (68) countries are signatories to this agreement.
Mr. Speaker,
The legislative aims and drafting instructions have been approved by Cabinet, and parliamentary council is currently drafting the updated legislation. Alignment with the Budapest Convention will help support the effective investigation and prosecution of cyber crimes within Bermuda and facilitate international cooperation to address cyber crimes that cross international boundaries.
Mr. Speaker,
Working in close collaboration with Bermuda stakeholders, the Ministry of National Security developed and obtained Cabinet approval of drafting instructions for new Cybersecurity legislation which is currently being drafted by Parliamentary Council. This legislation will establish a framework to help ensure that Bermuda Critical National Infrastructure entities implement and maintain adequate protection against cyber threats.
Mr. Speaker,
At the community level, given the rise in the number of cyber scams, in which people have been duped into giving personal financial information to scammers, it is important that members of our community protect themselves by being aware of unscrupulous cyber criminals and their devious tactics. For example, people should be suspicious of emails that are received from unknown senders, or emails that request personal or financial information. To protect themselves, people should never share their passwords, banking details, or PIN numbers, in response to an email request or to an unknown caller, for example.
Mr. Speaker,
In order to raise awareness of the perils of cyber crime, government has run programmes and media alerts in the community. These programmes provide information to seniors and schoolchildren about online cyber safety, cyber bullying, and secure computer practices. We intend to continue this awareness campaign to ensure that the message of cyber security is reinforced throughout the community.
Mr. Speaker,
Members of the Ministry of National Security Cybersecurity Team and the Disaster Risk Reduction and Mitigation Team assisted experts from the UK Home Office with conducting a National Cyber Risk Assessment earlier this year. The assessment covered nine critical infrastructure sectors and included meetings and interviews with 29 Bermuda Critical Infrastructure entities within Government and the private sector.
Mr. Speaker,
In March, the UK Office delivered their report and recommendations and the Premier and I reviewed these with Her Excellency, the Governor. I am pleased to report that most of the findings and recommendations from the report are already addressed in our National Cybersecurity Strategy and Government Cybersecurity Programme. The areas not already addressed will be considered when we update the cybersecurity programme and strategy during the current fiscal year.
Mr. Speaker,
The Ministry of National Cybersecurity Unit will be implementing systems to provide independent logging and monitoring to support the detection and investigation of attacks against critical Government IT Systems and information. This logging and monitoring capability will be provided and maintained independent of the IT staff, vendors, and contractors who implement, operate, and maintain Government IT Systems. Independently maintained logging and monitoring is an industry recommended best practice. This segregation of duties is necessary to protect against potential attacks by rogue insiders, and external vendors or contractors who may attempt unauthorized access to Government information and IT Systems. Independent logging and monitoring is also important to help ensure that rogue insiders, external IT vendors, and contractors do not violate the privacy of Government IT System users.
Mr. Speaker,
In the coming months, the Ministry of National Security will work with the Cybersecurity Governance Board, experts from the International Telecommunications Union, and Bermuda Critical Infrastructure stakeholders to update the Bermuda Cybersecurity Strategy and seek approval for the updated strategy from Cabinet.
The internal Government Information Systems Risk Management Committee, chaired by the Permanent Secretary of National Security, will also work to continue the development and implementation of the Government Cybersecurity Programme to ensure Government IT Systems are designed, implemented, operated, and maintained with adequate security.
Mr. Speaker,
Updating and implementing the Bermuda Cybersecurity Strategy and internal Government cybersecurity programme will help ensure that we continue to address the ever-evolving cyber threats that impact both our public and private sector critical infrastructures. The Cabinet Cybersecurity Committee, of which I am the Chair, also includes the Deputy Premier, the Hon. Walter Roban, and the Hon. Vance Campbell. The committee is working diligently to support Cabinet level direction and oversight of Cybersecurity within the Government and across Bermuda.
Thank you, Mr. Speaker.