NASSAU, BAHAMAS – The Democratic National Alliance (DNA) expressed on Monday that it is gravely concerned about recent reports regarding a cyber-attack on the Broadcasting Corporation of the Bahamas (BCB), and Bahamians are being left in the dark as it relates to getting an update.
A statement released yesterday by the DNA’s Spokesperson for Information Technology, Samuel Strachan, outlined that no further updates have been provided to the Bahamian people and fundamental questions remain unanswered by a government that professes a commitment to transparency and accountability.
Last week, an individual would have caused the encryption of the BCB’s digital library and other data and was attempting to extort funds in the form of Bitcoins as a condition for decryption and restoration.
BCB Chairman Mike Smith confirmed that international hackers originally demanded $50,000 incremental payments of bitcoins which was eventually negotiated down to $18,000.
Yesterday, Strachan said that while the DNA appreciates that paying the requested ransom may not be in the overall interest of the BCB and the country, the Bahamian people remain in the dark on the overall strategy or course of action that the government has adopted to bring normalcy to the BCB’s operations.
“It is common knowledge that the BCB is a repository of invaluable historical data and materials which document important milestones in our nation’s history. Further, as a state-funded entity, an attack on the BCB constitutes an attack on the Government of The Bahamas and its people,” Strachan said. He added that the government must address this matter with the high level of importance, transparency and urgency it deserves.
“Pertinent details on potential data loss, recovery efforts, impact on operations, compromise of employees’ personal information, vendors’ details and proprietary information should be released forthwith,” Strachan demanded.
The DNA IT spokesperson said the recent ransomware attack also raises serious concerns about the business continuity and disaster recovery framework of the BCB. The Board and management of the BCB, he said, must immediately disclose whether a robust Business Continuity Plan (BCP) exists for the organization and its effectiveness.
“In the absence of such a framework, the BCB should move swiftly to draft and implement a BCP and Disaster Recovery Plan (DRP), which among other things, articulates a contingency plan for cyber-attacks and other operational disruptions,” Strachan said.
He said such a plan may also call for the update of computer and operating systems, installation and updates of anti-virus and anti-malware software, or conversely installation of Artificial Intelligence software, regular backup of important files, proper vetting of vendors and their approach to cybersecurity as well as relevant insurance coverage among other things.
As a further precaution, Strachan said the DNA also recommends that training sessions are held for staff to alert them to the instance of phishing tactics included in malicious attachments that may come via email or other sources.
“Additionally, Information Technology policies should be implemented that address email and internet usage inclusive of blocking non-work-related sites that may be prone to spreading viruses,” he said. “We call for the commissioning of a comprehensive vulnerability and penetration test to ascertain the areas of weakness within the BCB’s I.T. systems.
“The recommendations arising from such a test conducted by competent professionals must be implemented without delay.
“The DNA believes that these recommendations and information are both useful and instructive to all government agencies and departments, the private sector inclusive of small business and indeed the average consumer who possess a computer in their homes.”