Submitted by James Bynoe – Senior Cyber Security Consultant
The recently reported hacking of the Barbados VAT system should serve as yet another trigger for the Barbados government to ensure that our national cyber security house is in order. As a senior cyber security consultant who has led ICT vulnerability assessments for large and small public and private sector organizations worldwide, I can tell you that the effective protection of Barbados’s public and private key network infrastructures is a challenge that must be confronted proactively and “not” reactively. The successful hacking of a major financial institution in Barbados, if publicized globally, could have a devastating economic impact on the Barbados economy, stemming from a potential massive loss in investor confidence in our ability to protect information and financial assets.
Unknown to most, many hacking events are broadcast worldwide via numerous hacker communities. The hacking of the Barbados VAT system could place “Barbados” on the “hit list” of thousands of criminal hacking enterprises worldwide; it is therefore imperative that government proactively establish a national cyber security strategy which addresses and provides guidance on a wide range of cyber security risk areas for both the public and private ICT sectors.
It has been proven by many global ICT research organizations that it is always significantly more costly for organizations and governments to recover from hacking events than it is to implement “proactive” technical, management and operational security controls and protections. I also believe that we have the local ICT expertise in Barbados to become a regional leader for the future delivery of a wide range of cyber security technical, management and operational support services to both the public and private sectors that will be needed, with government support.
With that said, below are a few things Barbados can do to strengthen our posture in cyber security while cultivating and expanding this emerging ICT area:
# 1 – Establishment of a Caribbean Center for Cyber Security (CCCS) in Barbados which will act as a centralized regional cyber security “think tank” for harnessing best of breed cyber security technical, management and operations plans, policies, and procedures which can be tailored to meet the many nuances of the Caribbean cyberspace environment. The core mission of the CCCS will be to provide standards and technology usage guidance to protect the public and private sectors in Barbados against threats to the confidentiality of information, integrity of information and processes, and availability of information and services in order to build global “trust and confidence” in Barbados’s ICT capabilities and resources.
# 2 – Establishment of a Regional Cyber Security Assessment Service Center for Government Networks via the CCCS. This will provide the region with an independent security vulnerability assessment capability that can be used to periodically assess an organization’s cyber security posture using global cyber security best practices.
# 3 – Review and update the Barbados government’s ICT security operations and monitoring capabilities with proactive monitoring against cyber security attacks.
# 4 – Support the expansion of Cyber Security Training and Education in Barbados in the effort to lower our national dependence on external international entities for cyber security expertise. In order to effectively ensure our continued technical advantage and future cyber security posture, we must develop a technologically-skilled and cyber-savvy workforce in Barbados, with an effective career pipeline of future Barbados Cyber service professionals.
# 5 – Facilitate Improved Barbados and Regional Research and Development partnerships with Global ICT Cyber Security Solutions Providers and R&D organizations to ensure the Caribbean has timely access to best of breed emerging technologies and threat data. CARICOM ICT leadership can play a significant role in this initiative, which will allow us to coordinate and redirect research and development efforts across regional nations while working to define and develop Caribbean-centric strategies to deter hostile or malicious activity in cyberspace.
# 6 – Support the Establishment of a Barbados Public Cyber Security Awareness Campaign to strengthen the future cyber security environment by expanding public cyber security awareness and knowledge to include awareness of credit card fraud, ATM crimes, and Identity Theft, to mention a few key topics.
# 7 – Support Regional Cyber Security Information Sharing as feasible with emphasis on combating common regional cyber security vulnerabilities and threats. This initiative will enhance Barbados’s situational awareness of regional cyber security incidents and threats.
# 8 – Establish a Barbados Cyber Security Risk Management Framework and Governance body which leverages international risk management and governance best practices to ensure the Confidentiality, Availability and Integrity (CIA) of BGIS Public and Private Information and Communication Infrastructures.
# 9 – Establishment of a Barbados-based Caribbean Computer Forensics Capability which will support growing local and regional public and private cyber security forensic needs.
In closing, I would like to share a little story. I was an invited guest speaker on the topic of Cyber Security in Barbados, and a man stood up during the question and answer period and asked me, “Do you think cyber criminals really care about Barbados? We are too SMALL.”
My answer: “Size in cyber space means nothing, access means everything … and this is what criminal hacking enterprises are looking for each minute of every day across multiple time zones via an expanding range of tools and techniques.”