The Minister for Information and Communication Technology Timothy Masiu confirmed that the recent ransomware attack on the Department of Finance looks to have similar features of HIVE Ransomware that has recently hit health systems across the United States in early June 2021.
Mr Masiu said the government has a national emergency and incident response framework to deal with cyber security matters and the Department of ICT took operational oversight of the Cyber Security Operations Centre while the Cyber Emergency Response Team (CERT) continued to be maintained under NICTA.
He said it is certainly regrettable that the Department of Finance did not take up the offer for endpoint protection services from the National Cyber Security Centre (NCSC) nor used the CERT despite multiple circulars distributed to all public bodies on the NCSC.
“However, only a thorough ICT Audit can pinpoint where the vulnerabilities and oversights if any are and what preventative measures need to be taken moving forward. On that note, I do commend the Department of Finance for actions taken to recover from this cyber attack,” he said.
Mr Masiu said with respect to NCSC services, they remain optional until such time that the Digital Government Bill 2021 is enacted and once enacted; the Bill will give functions, powers, and enforcement mechanisms for the Department of ICT to strengthen the country’s cyber security measures and capabilities.