Gov’t to create cybersecurity authority and academy
ROSE HALL, St James — Minister without portfolio in the Office of the Prime Minister Floyd Green said the Government is in the process of creating a cybersecurity authority and academy as it moves to accelerate its digital transformation agenda and strengthen its capacity to address rising incidence of cybersecurity breaches.
Green made the announcement on Friday during a panel discussion on data privacy and security at TechBeach Retreat Jamaica 2022 held at the Iberostar Rose Hall resorts on the outskirts of Montego Bay, St James.
He told the Jamaica Observer in an interview following his presentation that the project, for which implementation will begin next year, will be multiyear.
“One of the things we have done is to take a 360[-degree] look at where we are on the transformation journey and how we can beef up our cybersecurity apparatus. So has had a Cybercrimes Act, which we’re now reviewing and we did have a Cyber Incident Response Team (JaCIRT) — very, very small team,” Green told the panel.
“Now we’re moving towards developing a national cybersecurity authority,” he continued, adding that funds have been “earmarked” for the creation of the body which will be led by the Ministry of Science, Energy and Technology.
The minster also shared that the Government will be working with international partners to create the cybersecurity academy. When questioned further, he revealed that the European Union (EU) will be providing assistance.
“What we want is a special focus on training around cybersecurity, so we’re looking to our partners the EU to see how we can develop a national cybersecurity academy and, really, that is to train at the various levels of cybersecurity. So those are the two major initiatives and it’s being led by Minister [Daryl] Vaz,” Green informed the Sunday Observer.
Moreover, he said, since the EU already has the expertise, it could share how the cybersecurity authority is supposed to be structured and operated.
The two initiatives will also strengthen JaCIRT’s response mechanism to cybersecurity threats.
The push for the cybercrime authority and academy comes after two years, since Parliament passed the Data Protection Act, and following the appointment of an information commissioner to have oversight with regard to the implementation and enforcement of the Act. The legislation was developed around the European Union’s General Data Protection Regulation.
According to Green, the Act defines who owns data and, therefore, gives rights to the data owner as it regards consenting to the acquisition and sharing of such data.
“But, more importantly, it now puts the responsibility on the data controller to have to be fair in the processing of data and not take more data than is needed for the purpose,” he told the TechBeach Retreat audience.
However, while noting the transformational impact of the Data Protection Act, he said that Jamaica is not where it needs to be. To this end, he said that the conference was one platform by which to get the message out.
Underscoring that “cybersecurity is everybody’s business” and, therefore, is all encompassing, Green shared that the Government is aiming to work with the private sector to “train our government cohort in basic cybersecurity principles because oftentimes that’s the entry point”.
While the Ministry of Science, Energy and Technology will be spearheading the formation of the cybersecurity authority and academy with the involvement of private sector and international partners, it will be collaborating with the Office of the Prime Minister, Ministry of National Security, and Ministry of Education on the implementation of the projects.
So far discussions have begun among the various government entities for the implementation.
“We’ve already had preliminary meetings, we’ve already identified some funds, especially in relation to the authority side, we’ve already had preliminary meetings with universities around the academy side. They are moving in tandem,” Green disclosed to the Sunday Observer.
“By next year we’ll have a comprehensive document [that outlines exactly what we want to do],” he added.
Commenting on the involvement of private sector, the minister said, while the cybersecurity authority will be a government entity, the issue of cybersecurity is “a bigger challenge for private sector, but the Government has to provide some capacity”.
JaCIRT has reported that between October last year and this year there were 86 reported cases of cybercrime, more than double the 42 recorded in the same period between 2020 and 2021. But experts claim this number could be more due to underreporting.
Since 2020 companies such as Massy Distribution Jamaica, VM Wealth Management, and National Commercial Bank as well as the Government’s JamCOVID website and the National Land Agency have reported either a data breach or cyberattack.
When asked if these incidents were the basis for creating the cybersecurity authority and academy, Minister Green said that as the country advances further into the digital age, there is a need for “the framework to support it.
“So as we’re building the house we have to look at the opportunities and strengths…but as you look at the opportunities you have to look at the challenges and you have to guard against the challenges,” he said.
“What I’d love Jamaicans to appreciate is the 360 approach to the issue of digital transformation. We’re not just looking at the efficiency side and forget security. We are not going to only place energy, time, and expertise but also resources on the security side,” he told the Observer.