The government may never know who was behind a recent attempted cyber attack because its defensive systems activated so quickly and effectively that “none of the typical investigative breadcrumbs were left behind”, according to officials responsible for cyber security.

Two initial reports, one by government and one by experts brought in from Deloitte, have concluded that an attempted breach on 9 Feb. was thwarted by the Cyber Security Office and no infiltration of systems or exfiltration of data took place.

Deloitte is undertaking a third and more detailed independent review and assessment of the security event and is expected to report soon.

Many of the questions the Compass has put to the government remain unanswered, with officials citing national security, but they have been robust in assurances that no actual hack took place.

Speaking on Radio Cayman’s ‘For the Record’ show on 23 Feb. 2024, Pamela Greene, the director of the government cyber and information security office, under the Ministry of Innovation, said: “The Cayman Islands government was targeted with an attack attempt. It wasn’t successful.”

She explained: “Our AI-based systems detected an intrusion into our systems, and we took prompt action to halt, block, and thwart that cyber attack attempt, pretty much in line with our standard operating procedures.

“Our prompt response meant no government systems were compromised. However, as part of good governance, risk management and best practices, we engaged a third party to independently review and assess.”

Charles Brown, acting chief officer at the ministry, said on the show: “We have taken international best practice standards in addressing this attempt, and we brought in Deloitte as a third-party reviewer to do some deep dive analysis of systems.

“And this is also just to give us assurance that there is no, what we call, ‘persistence’, anywhere on our systems. 

“All reports are incredibly positive, and the attack was thwarted, and we are very thankful that our defences have held true.”

A ministry statement said: “Who was behind the thwarted attack is under investigation by RCIPS working with our global law enforcement partner agencies in the UK, namely the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the FBI in the US. 

“Informing these agencies is part of our standard operating procedure. It is our belief that we acted so quickly, that none of the typical investigative breadcrumbs were left behind – meaning it is unlikely we will find out who was behind the attempt.”

It went on: “Strict access measures are in place when it comes to data retention along with encryption protocols, regular security audits, data minimization protocols, advanced security defence systems and next generation intrusion detection and prevention systems and rapid response.”

The statement said the government has a solid reputation globally and in the overseas territories, in particular, for the advanced and robust cyber security systems that are in place. In addition, as per common practice globally, it said the government does not discuss cyber attempts publicly because they can cause unnecessary alarm and create significant risks of exposing cyber defences.

Had the attack been successful, government would have been under a legal obligation to inform the Ombudsman.

Since learning of the foiled attack, the Compass has sought to work with government to report as comprehensively as possible on the event but the ministry has explained that several questions cannot be answered on national security grounds.

These questions include how long the attack lasted; what form it took (such as DoS (denial of service), malware and phishing); what agency or data set was targeted; and when international partners at the FBI, National Crime Agency and National Cyber Security Centre were informed.

The Compass has also asked the FBI, NCA and NCSC to confirm when they were notified of the attack by the Cayman Islands government, but has not received any response.