Gary Spaulding, Senior Gleaner Writer
The Ministry of Science, Technology, Energy and Mining (MSTEM) has signalled that it is in the process of organising a three-pronged assault on cybercrime.
According to Julian Robinson, state minister in MSTEM, an amended anti-cybercrime law with sharper teeth; a comprehensive strategy/policy and an emergency response mechanism form the three layers in the move to crush cybercrime.
Robinson referred to a new-look legislative framework, now in an advanced stage, which he said will make provision for significant increases in penalties for repeat offenders, and should be on the book by year-end.
Legislation being fine-tuned
The strengthened legislation is to be supported by a cybercrime policy that is being fine-tuned with the assistance of the Organisation of American States (OAS).
The cyber-security legislation, passed in 2010, calls for review after a two-year period and already a joint parliamentary committee, chaired by Robinson, has been established.
The committee has already made several recommendations to strengthen the law by putting in provisions that were not in place in the 2010 legislation. These include increase in penalties for repeat offenders. "We went through a detailed process in terms of strengthening the legislation," stressed Robinson.
Accompanied by members of the ICT team in his ministry, Robinson told The Sunday Gleaner that the third dimension is the establishment of an emergency mechanism called Cyber Emergency Response Team (CERT).
He stressed that while MSTEM does not have direct responsibility for each ministry, it has moved to put in place proactive mechanisms aimed at institutional strengthening in both the private and public sectors.
This is intended to provide minimum standards for data-driven organisations. "There is, at present, no cyber-security strategy or policy in Jamaica," said Robinson.
"So we engaged the Organisation of American States through its Inter-American Committee Against Terrorism, the body that deals with cyber-security issues."
Robinson revealed that the ministry has been engaging the OAS since March 2014. "We have been working with them on the development of cyber-security strategy for the country," he said.
OAS working for free
The MSTEM state minister added that the OAS has been working free of cost with a local cyber-security task force, which includes members of the private and public sectors.
"They have been working with us on developing this strategy, they sent a team down here over a one-week period and held consultations with the cyber-security task force," said Robinson.
He added that the consultations yielded a draft of the strategy that was sent to MSTEM.
"We have responded and they sent back again, completing two sets of drafts. We are now in final process of finalising a cyber-security strategy for the country, to create a framework within which we can operate."
At the third level, Robinson pointed to the establishment of CERT.
gary.spaulding@gleanerjm.com [2]
Blocking hacking: State agencies ready to fight hackers
We have some errors, but it has not necessarily affected the display of the site or anything like that. It would be concerning if persons can get on and deface it and replace it with content that would violate any government or international protocols.
We are in the process of doing an evaluation and to change out that entire website. There are other things in place that help to mitigate it until we can completely change out the thing. There is a initiative to do a complete overall; however, that is not something that you turn around and snap a finger, we have to go through due process.
We were actually doing some work on the website with the intention of changing some of the things on it. Relating to the various cascading errors and warnings and the HTML errors, I did not have anything to specifically indicate what the errors are ... so this is something that we would definitely have to look into in terms of fast-tracking the things that we need to tighten up. But to get to our database there are several more layers that you would have to go through.
Vulnerabilities and potential threats to the BOJ website are accorded high priority in order to ensure the accurate and continuous availability of the website as an efficient and effective tool for the timely publication of information. In an effort to meet this objective, the BOJ subscribes to and implements a number of international best practices, standards and measures to maintain the security of its websites. The BOJ regards security of the website and the availability and accuracy of the information that is published on the site as an ongoing exercise involving the timely identification and elimination of new vulnerabilities that may arise from time to time.