Govt establishes emergency, incident plan to deal with cyber security

The National Business

THE Government has a national emergency and incident response framework to deal with cyber security matters, according to Information and Communications Technology Minister Timothy Masiu.
He said this after the Government system through the Finance Department was hit by a ransomware attack that left its Integrated Financial Management System (IFMS) vulnerable for a week.
Masiu noted that in 2018, through the initiative of various agencies including the Department of the Prime Minister and National Executive Council, the National Information Communication Technology Authority (Nicta) with support from the Australian government, started a national cyber security centre project.
Under this project was a cyber emergency response team and a cyber security operations centre.
Cyber security services were offered as information communication technology (ICT) shared services under the national cyber security centre.
In addition to this, the national cyber security centre also offered training to Government agencies for level one training for cyber analysts.
Masiu said last year, the ICT Department took operational oversight of the cyber security operations centre while the cyber emergency response team continued to be maintained under Nicta.
He noted that the Finance Department did not take up an offer for endpoint protection services from the national cyber security centre, nor use the cyber emergency response team despite multiple circulars distributed to all public bodies on the national cyber security centre.
He said only a thorough ICT audit would they see where the vulnerabilities and oversights were, if any, and what preventative measures could be taken to secure their systems.
Masiu commended the Finance Department for the actions taken since to recover from the latest cyber-attack.
He said national cyber security services would remain optional until legislation (Digital Government Bill 2021) was enacted.
“Once enacted, the bill will give functions, powers, and enforcement mechanisms for the ICT Department to strengthen our country’s cyber security measures and capabilities.”