Cyber Incident Response Team Fully Equipped and Operational

The Cyber Incident Response Team (CIRT), aimed at safeguarding Government information technology (IT) systems against cyber threats, is now fully equipped and operational.

The team was set up through technical assistance from the International Telecoms Union (ITU) and the Inter-American Committee against Terrorism (CICTE), an arm of the Organization of American States (OAS), which provided funding for the purchase of equipment and training of personnel.

Minister of State in the Ministry of Science, Technology Energy and Mining, Hon. Julian Robinson, tells JIS News that the team is mandated to deal with critical technical issues as they relate to cybersecurity.

“This organisation is essentially a team that monitors Jamaica’s cyberspace for any warnings or threats,” he points out.

CIRT is charged with creating a framework to build and enhance confidence in the use of cyberspace, with a view of advancing Jamaica’s economic interests and maintaining national security under all conditions.

It is responsible for coordinating cyber-related incident response, timely recovery from incidents, rapid distribution of advisories and alerts within the Government; and continuous monitoring of threats to the Government’s IT resources.

The team will ensure that risk assessments are undertaken, and the necessary preventive measures, best practices and standards are applied and promoted in the public and private sectors.

The setting up of CIRT is part of the human resource and capacity-building measures under the National Cyber Security Strategy (NCSS), launched in January 2015.

The NCSS establishes an all-encompassing framework to guide the country’s efforts in averting potential cyber threats.

Contained in the strategy, are  targeted campaigns to facilitate understanding potential threats and risks likely to be faced by particular stakeholder groups, and action that they can take to protect themselves.

According to the NCSS document, “cybercrime is a rising criminal trend, which is estimated “to cost more than cocaine, heroin and marijuana trafficking put together.”

The police have dealt with about 2,000 cybercrime cases annually over the past two years.

The NCSS outlines steps that the Government will take in order to fight this rising criminal trend. In addition to the capacity-building measures, the other aspects of the strategy are technical, legal and regulatory, and public education.

Since the launch of the strategy, most of the actions under each element have been implemented.

Among the technical measures undertaken is the introduction of the Office of the Chief Information Officer to promote secured, integrated e-services across  the Government.

The Minister of State reports that under the legal and regulatory component, the Cybercrimes Act has been passed, with the strengthening of sanctions for existing offences and new provisions introduced.

“We completed the amendments to the Act late last year and it was passed in both Houses of Parliament. We have begun preparations for the Data Protection legislation, which we intend to table in the next financial year,” Mr. Robinson informs.

The public awareness strategy has seen the designation of October as Cybersecurity Awareness Month, and the Ministry is gearing up to launch of the Stop.Think.Connect. education campaign.

The capacity-building measures under CIRT include the training of critical personnel in cybersecurity, as well as  members of the security forces.

Mr. Robinson tells JIS News that the OAS and the ITU have assisted greatly in the training of the CIRT staff, with some of the team members travelling abroad for training and to observe best practices. Some trainers have also travelled to the island to conduct sessions.

He informs that CIRT will continue the research and development of technologies to facilitate quick detection, response, mitigation, and recovery from threats, as well as to continuously revise the policies and procedures in order to remain relevant and effective.

As such, it will keep a close eye on what is happening in other countries such as the United States of America, the United Kingdom, and Australia.

The CIRT team has been in office officially since January 2016, but has been operating remotely since August 2015.

During this period, five major advisories as well as three major alerts have been issued and the team responded to a threat at the Government’s information agency, Jamaica Information Service (JIS).

A report is also generated on a quarterly basis with information about major advisories and alerts relevant to Jamaica.

The State Minister reports that CIRT is now finalising the content for an online portal, where persons can access additional information, and Government agencies will be able to make reports about cybercrime incidents.

In the meantime, Mr. Robinson is advising online users to “think before you click.”

He says persons should be careful about opening links that are found in emails, tweets, posts, and online advertising, as clicking on these links could introduce viruses to computers and also open the door to data predators.

“Know who the email is coming from before you click,” he urges.