Ministerial Statement by the Minister of National Security, The Hon. Wayne M. Caines, JP, MP
The Ministry of National Security has the responsibility for ensuring that our digital infrastructure is properly protected and that the risks facing it are properly mitigated. Cybersecurity is a national priority for the jurisdiction as a whole, as we signaled in the Speech from the Throne this past September. It is important at this time that I communicate both the actions that the Government is taking to protect information within its systems, as well as what is being done on a jurisdictional level as it relates to national infrastructure.
Mr. Speaker,
I last addressed the House on cybersecurity in September and spoke to the fact that Bermuda organisations and residents face cybersecurity risks on a daily basis. Cybersecurity is something we, the Government, take seriously. We know that other organisations and entities on the Island take it seriously as well.
Mr. Speaker,
Let me speak plainly for a moment. When I talk about cybersecurity, I am talking about protecting against the theft information held electronically by organisations or individuals. This information can be customer data, credit card information, volunteer files, company files, employee data or any other information that may be held in or flowing through electronic systems and computing devices. Cybersecurity also means protection against actions that a criminal may use to prevent an organization or individual from doing their business. This could be through denying access to the Internet, locking data and holding it for ransom, wiping hard drives, erasing backups, stealing information, interfering with mechanical processes or other practices that rely on technology.
Mr. Speaker,
Both the Government and private sector organisations have been committed for a number of years to increase cyber awareness and cyber preparedness in Bermuda. Recent events reinforce that the threats to the jurisdiction as a whole are real. Cyber incidents not only have the potential to interrupt services and damage our systems; they can also damage our reputation and economy. In September, I said that Cybersecurity concerns us all, because cyberattacks can affect us all.
Mr. Speaker,
Cybersecurity is a critically important issue to the Bermuda Government. So what have we been doing about it? Our Cabinet-level Cybersecurity Committee provides direction for the Government with the understanding that cybersecurity is not just an “IT issue” and is indeed a nation-wide risk management issue.
This means the identification and prioritization of risks, leveraging best practices and international standards in the implementation of solutions, creating and supporting the growth of a cyber aware culture across the Government and providing oversight to ensure that desired targets are met. The tone is set from the top and is based on collaboration and collective responsibility.
Mr. Speaker,
The Government has implemented an Information Systems Risk Management Programme to ensure our security practices meet internationally recognized standards. Also, as previously communicated, the Government adopted a cybersecurity framework, and continually improves it through implementation of polices, standards and processes based on international standards. At an operational level, protecting our assets and defending against attacks are critical components to system development and operation. And since cybersecurity must be addressed collectively by the full range of affected stakeholders across the jurisdiction, the Cybersecurity Working Group is developing the Cybersecurity National Strategy through a collaborative and inclusive process in order to ensure that both our national infrastructure and our jurisdiction are prepared, have established effective protections and are able to rapidly detect, respond and recover from cyber incidents.
Mr. Speaker,
This week has reinforced the need to continue to raise awareness across Government and throughout the community that cybersecurity is everyone’s responsibility. The threats are constantly evolving and cybercriminals use increasingly sophisticated methods and tools to exploit their targets. We must continue to provide and expand consistent messaging on cybersecurity to our students, seniors, staff and organisations on how to remain safe and secure in this digital age. We must continue to adopt and nurture an inclusive, collaborative culture concerning cybersecurity in the jurisdiction between the Government, the business community and the public to ensure that relevant and necessary information and support are available.
Mr. Speaker,
This includes developing better methods to share security-related information, including best practices and threat intelligence. We must prepare our workforce with skills that aid in protecting our organisations while also developing the proper cybersecurity skills that can help us to protect our information and resources more effectively. We must continue to work with local organisations such as, the Institute of Risk Management, and international organisations such as the National Institute for Standards and Technology, the International Organisation for Standardisation and the Commonwealth Telecommunications Organisation to leverage their experience and expertise in the implementation of best practices, thereby protecting our critical infrastructures and strengthening our detection, response and recovery planning. We must also continue to develop and implement laws, regulations and policies that ensure that any information that we maintain is properly secured and complies with international laws, regulations and treaties.
Mr. Speaker,
With the pace at which the modern world is moving, we cannot survive if we do not continue to develop and evolve our risk management and security practices. We must be diligent and committed to improvement and resilient in an environment where we are constantly under attack. While I can say that both the Government and Bermuda-based organisations are serious about cybersecurity, are thorough in our practices and are actively working to evolve the jurisdiction’s cybersecurity culture, we should not stop there. The cybercriminals do not. They’re already looking to find ways around the good work being done in Bermuda and in other jurisdictions around the world. So we cannot rest and we must remain vigilant in our work.
Thank you, Mr. Speaker.