JamaicaEye hack heightens concerns over security of nation’s digital infrastructure
Published:Monday | June 12, 2023 | 1:05 AM
Concerns have been raised about a perceived failure of the Government to ensure that proper security measures are in place to prevent cyber attacks on national infrastructure. This after the latest incident in which the JamaicaEye closed caption television system was compromised over the weekend.
In a statement yesterday, the Ministry of National Security (MNS) confirmed the cyber incident, which affected access to the JamaicaEye website.
The ministry sought to assure the nation, however, that the website was not connected “in any way” to the central infrastructure of the surveillance system, which meant that there was no compromising of any video footage or evidence recorded by the JamaicaEye cameras.
At the same time, the ministry acknowledged that it was unable to confirm if data related to persons registering their interest in partnering with JamaicaEye had been exfiltrated.
“A team comprising of experts from the MNS, JCF (Jamaica Constabulary Force and MOCA (Major Organised Crime and Anti-corruption Agency), is currently evaluating the extent of the breach and have commenced the investigation. Further updates will be provided in a subsequent release,” the ministry said.
However, the People’s National Party (PNP) declared its dissatisfaction with the response from the ministry, noting that there has been a worrying series of high-profile, successful attacks on state-run websites.
‘Fourth breach in recent times’
In a statement, Andre Haughton, shadow minister for commerce, innovation, and technology, said he had a “deep concern regarding the recent hacking of the JamaicaEye website, which marks the fourth occurrence of a government website breach in recent times”.
Added Haughton: “Such incidents highlight the vulnerabilities we face in the digital age and the urgent need to address cybersecurity threats. Realistically speaking, Jamaica has not invested as much as we should in cyber security infrastructure for public bodies. This issue is not unique to JamaicaEye. As a matter of fact, all the government ministries, departments, and agencies’ websites and cybercrime preventative measures are deficient.”
He went on to argue that with the impending establishment of the Data Protection Act, which will come on stream at the end of this year, there are government bodies that have vulnerabilities in their website that make them less secure and less capable of protecting citizens’ information.
For his part, Haughton said that to prevent future breaches and enhance the security of the nation’ digital infrastructure, he was proposing specific mechanisms and solutions.
In closing, Haughton called for the Government to take immediate action and allocate the necessary resources to implement these solutions effectively.
“Together, we can strengthen our cybersecurity defences and build a resilient digital ecosystem that safeguards our nation’s interests and secures our future. Let us stand united in protecting our digital landscape,” he stated.
Under the National Closed-Circuit Television Surveillance Programme, dubbed ‘JamaicaEye’, which was launched in 2018, citizens and business owners with cameras pointing in the public space have been able to voluntarily input their feeds into the national system.
Haughton’s proposals for preventing future breaches, enhancing digital infrastructure
1. Strengthened Firewall and Intrusion Detection Systems: This will help safeguard our networks against unauthorised access and malicious activities by continuously monitoring network traffic and identifying suspicious behaviour.
2. Multi-Factor Authentication (MFA): This adds an additional layer of security by requiring users to provide multiple forms of authentication. This significantly reduces the risk of unauthorised access, even if passwords are compromised.
3. Regular Security Audits and Vulnerability Assessments: This can proactively identify weaknesses and potential entry points for hackers on government websites and systems.
4. Continuous Employee Training and Awareness: Educate government employees about common cyber threats, safe browsing practices, and how to identify and report suspicious activities. Well-informed employees are a vital line of defense against cyber-attacks.
5. Encrypted Communication Channels: Implementing end-to-end encryption for sensitive communications, both within the government and with the public, ensures that data remains confidential and protected from interception.
6. Cybersecurity Incident Response Plan: This plan should outline clear procedures for detecting, analysing, containing, and mitigating cyber threats. It should also establish effective communication channels to notify relevant stakeholders and the public in the event of a breach.
7. Collaboration with Cybersecurity Experts: Engage with cybersecurity experts, both locally and internationally, to fortify our digital infrastructure. These experts can help identify emerging threats, implement best practices, and leverage their knowledge to enhance our cybersecurity capabilities.