National Cyber Security Sensitisation Workshop PEGASUS HOTEL GUYANA

Transcription

1 FEATURE ADDRESS BY THE HON. KHEMRAJ RAMJATTAN, M.P., VICE-PRESIDENT AND MINISTER OF PUBLIC SECURITY AT THE OPENING OF A National Cyber Security Sensitisation Workshop PEGASUS HOTEL GUYANA August 12 13, 2015 Thank you very much Ms Angela Johnson, Permanent Secretary, Ministry of Public Security, Honourable Joseph Harmon, MSM, Minister of State, Your Honour Mr Carl Singh, O.E., C.C.H., Chancellor of the Judiciary, OAS Representative Mr Jean Rico Dormeus, Honourable Ministers, Honourable DPP, Excellencies from the Diplomatic Corps, Officials from the OAS, our team from CIRT.GY, Invited Guests, Friends, I would have rather been appointed to do a Welcome or Brief Remarks this morning than a Feature Presentation. I associate a Feature Presentation as an authoritative statement coming from a source with some qualification and knowledge of the subject matter. On this matter of Cyber Security I am quite frankly in the cloud. But as Ms Sandra Khan, who heads our Cyber Security unit, would have me know... and I quote her verbatim: It is exactly there where cyber security matters reside, Mister Minister, and so you are on. Something must be wrong with her I suppose.

2 Colleagues and Friends, in the two decades since Internet access was made available to Guyanese, it has evolved from a niche luxury service for a few to a common essential for almost all. 1. We use to communicate professionally and personally on a daily basis. 2. We use facebook and other social networks as part of business advertising strategy 3. We use Skype and WhatsApp to communicate with loved ones as well as for business purposes. We are communicating via video-conferencing. 4. We shop on Amazon and e-bay and watch movies on Netflix. 5. We read the news online and share ideas and collaborate online. 6. Our telecommunications companies and electricity corporations use information technology in the day-to-day provision of services 7. The World Wide Web is now our library. It is where we can easily access our laws, our Government's websites and conduct research. It is the platform for distance online education, for accessing YouTube for educational and entertainment purposes. 8. Government Ministries and Agencies as well as private sector organisations use ICT as an integral part of their day to day operations and the use of information and communication technologies is fundamental now to improving efficiency Indeed, during that time we have seen the provision of initiatives such as online banking, e-billing and applications such as GRA's Licence Transaction and Customs Declaration Checkers. But a lot more can be done, as I am advised. Possible Government Services that can be made available online include: 1 E-Law: Making available an online database of draft legislations and allowing the citizens to view the history of it when it was submitted, who submitted it and the changes made to it throughout the years. 2. E-Health: Contains information on diagnoses, doctor's visits, tests, hospital treatments, medications prescribed by a doctor etc. 3. E-School: The use of a web-based school-home communication environment. E-School engages parents more actively in the study process of their children by making information on subjects taught in school easily available to both parents and students. Using the e- School one can follow the marks given to students, their absence from classes, the content of lessons and homework and assessments given by teachers at the end of each study period.

3 4. E-Tax: Electronic filing of tax returns. 5. E-Cabinet: Something my colleague Mr Harmon might very well like...is used in Estonia to let ministers prepare for cabinet meetings, conduct them and review minutes. Well before the weekly cabinet sessions begin, the ministers access the system to review each agenda item and determine their own position. They then click a box stating whether they have any objections or would like to speak on the topic. That way, the Ministers' positions are known beforehand. Decisions that have no objections are adopted without debate, saving considerable time. Today, the entire word is so immersed in ICT that activities in cyberspace have become inseparable from the everyday operations of Business, Education, Government, and the Military. And actions online affect actions offline; and, vice versa. This greater adoption of Information and Communication Technology by Government mean more efficient services for citizens and the Administration, with a concomitant yield of an improvement in the quality of life of Guyanese. In order to accomplish this, in order to support citizen's participation in the use of online services, it is essential to build trust and confidence in Government Information systems as well as the underlying ICT Infrastructure. There is need, then, to develop a comprehensive strategy for making all of Government's key services online for easy access to all citizens of Guyana. This need arises, too, when the underlying ICT infrastructure is going to be affected in the future, whether by unintentional human error, by malicious actors or by natural disasters. Cyber insecurity as a result of these causes will be destructive to an economy like Guyana s. In a tripartite survey done by the IDB/OAS/Oxford University it was found that since 2013, Guyana and the rest of the Caribbean region saw an increase in cyber-attacks, obviously by malicious actors. A status report, as it were, was done on Guyana. That survey encapsulates our status rather accurately, I

4 am informed. I think it best to quote from it cause I don t think anyone can better a combination of IDB, OAS and Oxford. In August of that year 2013, the Government of Guyana established its national Computer Incident Response Team, CIRT.GY to respond to cyber security-related incidents. CIRT-GY lends technical assistance, sends advisories and alerts regarding cyber-attacks, and provides literature and tips on cyber security. It also regularly coordinates with the OAS and other national CIRTs to build technical capacity and share best practices and information, and is beginning to establish lines of communication with the private sector. CIRT-GY s scope is limited, however, by the absence of a national cyber security strategy or cyber defense policy and a lack of awareness of cyber-security issues in government. Furthermore, owners of Critical National Infrastructure (CNI) do not always adhere to security standards or report incidents, and the state has not formally assessed its CNI assets and vulnerabilities. When cybercrime occurs, the Criminal Investigation Department of the Guyana Police Force is responsible for investigating the case. While investigations have been carried out with some success, prosecutors and the judiciary are inadequately trained to handle electronic evidence. Legislative gaps are an additional roadblock. Guyana has some procedural law for dealing with computer evidence, but lacks substantive cybercrime law or legislation related to privacy and data protection. As opportunities for online banking and other e-commerce services grow, private-sector entities in Guyana are starting to prioritize cyber security as an important concern. Consequently, stakeholders have begun to invest in cyber-security training for their employees and not only those with IT roles. Currently, the government has an ad-hoc list of certified cyber security professionals. In civil society, on the other hand, cyber security awareness is generally low. Although CIRT-GY has explored the possibility of an awareness-raising campaign, to date neither it nor any other agency has led one. Finally, higher education does offer computer science degrees; however, Guyana s national education strategy does not include cyber-security topics into its curricula.

5 As of today, Guyana has relatively limited human and financial resources in terms of funding and staffing specific cyber-security initiatives. This means a national effort must be properly coordinated to ensure minimal duplication of efforts and an improved national response and readiness. Responding effectively to cyber-security threats require involvement of : 1 The Legislature: to ensure appropriate laws are enacted to properly prosecute cybercrime. In this regard we have 3 members of the Ministry of Legal Affairs presently attending a Cybercrime Legislation Workshop in Miami USA sponsored by the Department of Justice 2. Law Enforcement: to identify, investigate and provide the relevant evidence of criminal acts in the Courts. 3. Education: to train future generations of technical professionals. The need here will be to adjust the curriculum in schools to accommodate instruction in this area. On this score I will be speaking to Dr Rupert Roopnarine to get this done. And also to seek out bilateral assistance in overseas training in this area. 4. Incident response: a role presently being fulfilled by the Guyana National Computer Incident Response Team. 5. Public awareness: to expose users, both in the public and private sectors, to what are poor computer security practices. This is in addition to the ICT security community advocating best practices and guidelines to prevent incidents. In this regard, this is what this sensitisation workshop is all about. There is a final point I wish to make. There are a number of suspicious people out there who see in this act of promoting this cyber security sensitisation workshop, that this Government has an oblique motive of dragging them into a net so as to centralise control, control of their records and other private matters. This is furthest from the truth and furthest from reality. This suspicion came from quarters I least expected. That just goes to show how much more work we have to do. I hope this workshop, a long delayed development, will do just that to neuter those suspicions. And a whole lot more.

6 Thank you very much. And on to a successful upcoming two days of sensitisation work on this important matter. Thank you. MINISTRY OF PUBLIC SECURITY AUGUST 14, 2015