Roban: ‘very heart of public service has been attacked and immobilised’
Cybersecurity and national crime teams in Britain are supporting authorities in Bermuda after a “major cyberattack” that brought down government IT systems, the Governor said yesterday.
Rena Lalgie highlighted that although there was an early suggestion of where the strike originated, further speculation on the source was unhelpful.
Her comments came after David Burt, the Premier, said the initial indication was that the disruption came from “an external source, most likely from Russia”.
In a statement, Ms Lalgie said: “Bermuda’s government IT systems were subjected to a major cyberattack. That incident is ongoing.
“Whilst there was an early indication of the geographical source of that attack, any further speculation on the possible source or motivation for the attack would be unhelpful.
“I can confirm that the UK’s National Cybersecurity Centre and the National Crime Agency are aware of the incident, have been in contact with the Bermuda authorities, and are providing advice to support them.
“The Bermuda authorities are also receiving support from a range of commercial partners.”
She added: “Government will advise on the ongoing impacts to services of this attack on a regular basis.
“I am working with the Acting Premier, Cabinet and the Bermuda Police Service to support the immediate response.”
The Government advised members of the public yesterday that its telephone, internet and e-mail systems were disrupted and that all departments were affected.
Mr Burt said later: “The Government is experiencing some challenges with our IT systems.
“There has been an incident, which is affecting not only the Bermuda Government but some other regional governments as well.
“Our initial indication is it’s come from an external source, most likely from Russia, and we are working with agencies to make sure that we can identify any particular challenges and make sure that services are restored as quickly as possible.”
Interruptions to services continued yesterday.
In an early-morning post on social media, the Government said there would be a “full press briefing later in the day” to update the public.
Walter Roban, the Acting Premier, addressed MPs in the House of Assembly “on matters of crucial national importance”.
He said: “At approximately 10pm on Wednesday, September 20, Government’s IT systems experienced a serious cyberattack which resulted in the disruption of services across government departments.
“An immediate investigation has commenced by the Department of Information and Digital Technology and the matter was reported to the Bermuda Police Service, who also commenced an investigation.
“The cybersecurity committee was convened to review this matter.”
Mr Roban added that the department took immediate action and started work on systems containment.
He said the IDT team closely worked with internal and external resources on restoration and recovery.
He told the House: “Government has ongoing contact with Government House and we are grateful for the support from the UK National Cybersecurity Centre.
“It is recognised that this regrettable incident will cause concern to many in our community and we will continue to regularly update the public.
“I do not want people to underestimate some of the sensitive security issues and international issues around this matter.”
Mr Roban said: “The very heart of public service has been attacked and immobilised.”
MPs heard that members of the international business community contacted the Government to help and that local banks offered assistance “with making sure that certain obligations that the Government has over the upcoming days and weeks will be met”.
Mr Roban said that the Government, financial institutions, large corporations and “even individual citizens have clearly been violated by this incident”.
He added: “As we go through this process I just wish to assure everyone in this House and the country that the work is being done around the clock.
“Many people are not sleeping to get this rectified, and I can assure the country and this House that we will get the answers that are desired.”
The Acting Premier highlighted: “I would remind people this is a very delicate situation.
“There are international implications around some of the issues that have arisen as a result of this.”
A UK Government spokesman said later: “The UK takes its responsibilities in the Overseas Territories seriously.
“We have a longstanding convention that we do not comment on security matters.
“We are in close contact with the authorities in Bermuda following a cyber incident and offering them advice and support.”
Service disruption included systems at the Magistrates’ Court, which meant staff worked manually to get through the day’s business.
At the General Post Office, documents could be accepted for post but not packages or parcels; and cash or cheque payments could be made but not card payments.
Walter Roban, the Acting Premier, has insisted that, although the cyberattack had penetrated the very heart of public service, Bermuda was still “open for business”.
In a statement this evening, Mr Roban, who is also the Minister of Home Affairs, listed a host of government services that had continued to function after IT systems had been demobilised.
He reassured residents that emergency services had not been affected by the attack.
He said: “I can advise that from a national security perspective 911 system has not been disrupted an there are no expected delays in responses by emergency services.
“There are no operational disruptions to Customs, Corrections, the Regiment or the Police.”
He said that motorists were able to license vehicles online while the Transport Control Department was able to process driving, riding and vehicle exams manually.
The courts were also expected to operate as usual, with cashiers processing payments manually, although Supreme Court hearings were expected to be “limited”.
Mr Roban added that there was “minimal impact” on schools or at the Department of Child and Family Services.
Work-permit applications at the Department of Immigration were being collected and a drop box was being collected throughout the day.
“The envelopes are being opened and applications date-stamped as proof of receipt then placed on hold until we can process using our normal systems,” Mr Roban said.
The Department of Consumer Affairs was accepting walk-in and phone-in clients, while the Post Office is delivering letter mail.
Mr Roban said: “They are giving some customers their packages with a promise to sign off to pay later.”
The MyBermudaPost website is also operational with orders being processed manually.
LF Wade International Airport is also fully operational, although passenger processing is being carried out manually and all passengers must complete an arrival card upon landing.
The Bermuda Health Council said there were disruptions to its registration process and added: “Please be advised that until this matter is resolved, our ability to respond to inquiries and process registrations will be limited.”
An HSBC spokeswoman said there was no negative impact on the bank as a result of the disruption but added that it was supporting the Government and helping “to find a pragmatic solution”.
Butterfield Bank’s systems were unaffected, a spokesman said. He added: “We are working with stakeholders to support.
“We advise clients to stay vigilant against cybercrime every day and to protect themselves by keeping their details safe.
“Our dedicated security and fraud webpage has more information and tips.”
It is understood talks took place at Clarien Bank to support people who might become low on funds as a result of the cyberattack.
Douglas De Couto, a One Bermuda Alliance senator, highlighted that it was important to know which essential government services were affected and the extent of the impact.
He wrote in a statement posted to X, formerly known as Twitter, that the Premier was "now reportedly off the island and absent from his responsibilities“.
Dr De Couto added: “Furthermore, in light of the recent cyberattack that impacted and took government infrastructure offline, the public deserve answers.
“We need to know which essential services have been affected and the extent of this impact.
“What exactly did this cyberattack compromise and whose private data may have been breached or lost?
“The island has been met with nothing but silence and this is no way to run a government.
“It’s clear Premier David Burt and the PLP government have checked out.”
Fernando de Deus, the chief executive of Ingine, a technical solutions company that offers IT security services, highlighted how organisations could be targeted even if a range of protective measures were used.
Speaking in general terms and not commenting specifically on the Government’s practices or the incident, he said: “It could happen to anybody, you could just be unlucky. It’s not something that you’re prepared for.”
He pointed out that an organisation’s first line of defence was its people.
Mr de Deus said: “You could have a number of things in place but your user is, unfortunately, your biggest threat, so an excellent information security awareness programme is vital to any organisation.
“Yes, you need visibility, you need to have controls in place, that’s all great, but you also have to ensure that all your users are aware of the dangers, are aware they shouldn’t be clicking on things.”
He explained that visibility related to having a clear picture of where people and resources, such as devices, were located and how they were used.
Mr de Deus added: “I cannot stress enough the importance of having strong security controls in place and multifactor authentication is key.”
• Have you been affected by the IT systems disruption? Please e-mail news@royalgazette.com
Need to
Know
2. Please respect the use of this community forum and its users.
3. Any poster that insults, threatens or verbally abuses another member, uses defamatory language, or deliberately disrupts discussions will be banned.
4. Users who violate the Terms of Service or any commenting rules will be banned.
5. Please stay on topic. "Trolling" to incite emotional responses and disrupt conversations will be deleted.
6. To understand further what is and isn't allowed and the actions we may take, please read our Terms of Service