No, Mr. Rohee, NCIRT is alive and well as part of GoG’s cyber security architecture

Dear Editor,

The Ministry of Public Telecommunications takes this opportunity to address the hypocritical attempt of former Minister of Home Affairs, Mr. Rohee, to mislead the nation and more disingenuously, scare and dissuade citizens from using government’s online services. I refer here to his letters to the Kaieteur News editor (26th February 2019) and Stabroek News editor (28th February 2019) which falsely claim that the Government of Guyana has disbanded the National Cybersecurity Incident Response Team (NCIRT).

I wish to inform the general public that NCIRT continues to execute its mandate under the Cybersecurity Division of the National Data Management Authority (NDMA). This includes issuing cybersecurity advisories and responding to cybersecurity incidents within the Public Sector. NCIRT can be contacted by Telephone (592)-231-6860, email: info@cirt.gy, and through its website: https://cirt.gy.

Further, Mr. Rohee’s claim that former staffers of NCIRT were “Left jobless, … [and] went off to seek their fortunes where their skills were needed”. That is a blatant attempt to deceive the nation and sow seeds of discord. The truth of the matter is, Mr. Rohee’s “small, but highly qualified team of computer experts, engineers and programmers” comprised 1 Head, 1 Engineer, and 1 Technician. The Head abandoned NCIRT by tendering her resignation with immediate effect when informed of its merger with the NDMA, while the Technician resigned from NCIRT a mere two months after the merger was effected. The Engineer remains on staff at the NDMA.

Permit me, Editor, to enlighten Mr. Rohee and explain to readers the broader framework under which NCIRT and Cybersecurity operate within the governmental structure.

In recognition of the critical role that ICTs shall play in the development of our country, President Granger in January 2016 established the Ministry of Public Telecommunications. This administration understood clearly that a concerted approach was needed to leapfrog Guyana into the digital age after 23 years of wastage and mismanagement of ICT initiatives. The latter is most notably evidenced in the failed USD5M Dense Wavelength Division Multiplex (DWDM) Project in 2014. This project involved terrestrial laying of delicate fibre optic cable from Lethem to Georgetown. Then there was the USD32M eGovernment network which was built in 2012/3 but remained un-utilised and it had begun to rapidly deteriorate over a period of 2 years.

Thankfully, the eGovernment network was salvaged when this coalition Government took office in 2015. However, the fibre optic cable that was landed at Lethem and laid ON the roadway, was so badly executed that none of it could have been salvaged.

The Ministry of Public Telecommunications is responsible for Internet governance, digital skills, digital promotion, digital entrepreneurship, e-Government, posts and telecommunications, and cyber security. One of the first tasks we undertook was to harmonize and rationalize Guyana’s ICT investments and operations up to that time (these included a number of initiatives undertaken by the previous administration) and they were all brought under the umbrella of the National Data Management Authority (NDMA). The initiatives were:

  • The same NCIRT that Mr. Rohee claims is non-existent
  • The One Laptop per Family programme which was rebranded as the One Laptop per Teacher programme
  • The eGovernment Project Unit

This merger with the NDMA was a deliberate decision on Government’s part to advance its structured eGovernment agenda. NDMA, created by an Act of Parliament in 1983, is mandated to inter alia see to the “establishment and maintenance of reliable communication linkages in the Public Sector in order to achieve optimal utilization and deployment of computer resources”.

So, after its inauguration in 2016, to begin to clean up the mess created by the previous administration’s mismanagement, my Ministry recruited over 100 professionals who included more than 70 ICT Engineers and Technicians, and we expended considerable effort and resources to:

  1. Salvage and operationalize the eGovernment network
  2. Establish over 170 Community ICT Hubs that provide free Internet access to residents
  3. Provide Internet access to over 300 educational institutions at the primary, secondary and tertiary levels
  4. Provide secure network connectivity and Internet access to over 120 government agencies
  5. Establish the Public Sector’s first IT Leadership Technical Working Group (TWG)

Additionally, given our now expansive online presence as a result of the Coalition Government’s hard work, we have anticipated an increased number of threats to our ICT infrastructure, and we have taken several steps to mitigate and adequately respond to these threats whenever they occur.

1. Cybersecurity Governance: Establishment of a Cybersecurity technical working group in March 2017 aimed at creating and promoting GoG-relevant cyber security standards, policies, guidelines and best practices for the Ministries, Agencies and all other governmental bodies. The working group comprises representatives from 12 public sector agencies.

2. Cybersecurity Situational Awareness: Development of Government cybersecurity incident reporting system to provide resilient and secure mechanisms that enable Government Ministries and Agencies to report cybersecurity incidents. With this measure, Government can now adequately assess and monitor Guyana’s cyber-threat landscape so that our available resources can be directed to effectively address cybersecurity issues.

3. Improving Government ICT Ecosystem Hygiene

a. Continually issue cybersecurity tips and guidelines on NCIRT’s and NDMA’s website and social media platforms
b. Prepare and disseminate cybersecurity brochures in communities across Guyana
c. Implement web filtering policies to provide a safe online environment for schools and students connected to the eGovernment network
d. Provide notification and guidelines to public sector entities to counter new and emergent cybersecurity threats and attacks

4. Capacity Building: Leveraging our international and regional partnerships (International Telecommunications Union (ITU), LACNIC, OAS-CICTE, IDB, Governments of India, China, Israel, and the United States) to strengthen Guyana’s Cybersecurity capabilities through multi-tiered training of over 60 persons in areas including:

a. Type specific network security training
b. Unified Threat Management
c. Log Analysis
d. Security Awareness
e. Security Vulnerability Assessment
f. Incident Response and Threat Intelligence
g. Network Intrusion & Digital Forensics
h. Reducing Cybercrime
i. Cybersecurity Strategy & Leadership

5. Network and Cybersecurity Operations Centre: Establishment of our 24/7 cybersecurity and network operations centre to proactively monitor and respond to incidents on our network infrastructure and services. In these instances, the NCIRT team advises and when required, works closely with entities to effect remediation measures.

6. Investment in Cybersecurity Automation and Integration Tools and Services

a. Acquired Security Incident and Event Management (SIEM) tools to collect, analyse, and correlate logs from our Unified Threat Management system to provide greater visibility and security alert information.
b. Outsourced services to ensure proactive monitoring of Government’s online presence.

Editor, as you can see, all of these investments and programmes reflect a comprehensive approach to Government’s cybersecurity management which is a far cry from the three-person team lauded in Mr. Rohee’s letter. It is clear that Mr. Rohee fails, through the insufficiency of the advice provided to him, to understand the complexity of what is required for a modern cyber security architecture.

With respect to the attack on GPL’s servers, I will say that in this connected world it is not a case of ‘if’ one will be attacked, but rather ‘when’. In this scenario, what matters is the preparedness for a quick and appropriate response to such attacks.

In closing, I wish to draw a parallel between this and a similar attack which occurred on GWI’s infrastructure in January 2017. The investigations that were carried out indicated that the perpetrators in the GWI incident may have been assisted by staffers of GWI’s IT department, some of whom have close connections with high ranking members of the Opposition. In this era of politically motivated cyber attacks, nothing can (or should) be ruled out.

Yours faithfully

Cathy Hughes
Minister of Public Telecommunications