Ring of defence against IT threats passed by Senate
The Senate has approved cybersecurity legislation giving the island an additional layer of protection against cybercrime.
The passage yesterday of the Cybersecurity Act 2024 follows the Computer Misuse Act, greenlighted by the Upper House last month.
Owen Darrell, the Government Senate Leader and Minister of Tourism, Culture and Sport, said that the Act provided the administrative framework “to ensure the protection of computer systems that support the Government and other essential services such as energy and water supplies, our air and seaports, telecommunications, healthcare and financial and banking institutions”.
Mr Darrell said that after last September’s cyberattack on government systems, “even with existing protections in place, restoration and recovery from the attack was a tremendous effort”.
He added: “While the cyberattack was distressing for Bermuda, it served to accelerate and enhance the development of a cybersecurity legislative framework.”
Mr Darrell said the legislation paved the way for a cybersecurity advisory board through a public-private partnership.
The board will advise the Government on cybersecurity as well as overseeing the protection of crucial infrastructure.
The legislation also gives a mandate for the Ministry of National Security to run a national cybersecurity incident response team.
Mr Darrell said the legislation allowed the designation of critical IT infrastructure and powers to ensure they met minimum cybersecurity standards.
Mr Darrell said it increased the Government’s ability to stop “those commonly referred to in the cyber world as threat actors”, with the cybersecurity unit, from which an incident response team would operate, to oversee government IT.
A chief information officer was appointed in June 2023 to head the unit, which will undertake annual “cyber-risk assessment of critical national infrastructure” and give a report with recommendations to the minister and the board.
Opposition senator Douglas De Couto said the legislation “creates many layers of organisation and accountability”.
However, while the Bill “totally makes sense on paper”, he questioned: “Do you have the right people doing the right things?”
Dr De Couto added: “I would like to see more private sector involvement on that board to provide a balance of opinion, perhaps bring in some outside expertise from the relevant industries and experts working on the island or even overseas.”
He noted only three members of the private sector would sit on the nine-member cybersecurity board, with the remaining six as “quango, government-affiliated employees”.
John Wight, the independent senator, gave “in principle” support for the Bill, adding: “We live in a very dangerous cyber world, getting more dangerous day by day.”
Mr Darrell said the board and cybersecurity unit would both have “the right people” and that the Government had collaborated with the International Telecommunication Union in this regard.
Responding to a question from independent senator Kiernan Bell, Mr Darrell said private sector board members would be paid according to the normal process for government boards.
The Senate also approved an increase in court fees with the Court Fees and Expenses Amendment and Validation Rules.
Noting that court fees had not risen in more than 60 years, Mr Darrell said the increase was “long overdue and will become arduous the longer they are delayed”.
He added that it would put Bermuda on par with jurisdictions such as Cayman Islands.
Both independent senators supported the increase, with Dr De Couto deeming it “a step in the right direction”.
Need to
Know
2. Please respect the use of this community forum and its users.
3. Any poster that insults, threatens or verbally abuses another member, uses defamatory language, or deliberately disrupts discussions will be banned.
4. Users who violate the Terms of Service or any commenting rules will be banned.
5. Please stay on topic. "Trolling" to incite emotional responses and disrupt conversations will be deleted.
6. To understand further what is and isn't allowed and the actions we may take, please read our Terms of Service