Cyberattack: Burt evasive on personal data
David Burt has declined to say whether hackers behind a “sophisticated and deliberate” cyberattack that caused chaos across the Government’s IT systems were demanding a ransom.
When asked if ransomware had targeted the Government, the Premier answered: “Our focus is making sure we get government systems up and running safely.”
When pressed on the question, Mr Burt reiterated that the focus was restricted to restoring systems.
He said he was aware there had been “a whole lot of speculation” around the attack, which has paralysed systems across the Government and which was noticed last Thursday morning.
At a press conference last week, the Premier said: “It does not at this point in time appear that any data has been taken, so that’s at this point in time but it does appear that systems are affected.”
Yesterday he declined to say whether there had been a data breach, telling media: “The investigation efforts are still ongoing, and it would not be wise for me to comment on specifics at this time.”
Asked when the Government would be in a position to speak on the nature of the attack and whether the public’s data had been compromised, Mr Burt said: “Once the investigation is done, we will do our responsibility to be full and transparent with any of those requests.”
Mr Burt said there was “some information that I will not be able to divulge at this time”.
The Premier said a number of resources had come online as of today, including the government’s own website.
However, he said the attack had brought “unprecedented stress” across the government system, calling it a national security issue.
The Premier acknowledged the news of the attack was “concerning to many in the community”, adding: “I want to reassure that there has been a non-stop effort to identify what happened, how it happened, and resume business and normal operations safely.”
Mr Burt said “an infiltration of government systems” had occurred late on Wednesday evening.
Police with the Department of Information and Digital Technology “immediately began to assess the nature of the attack”.
“They made every effort to isolate the points at which the infiltration occurred.
“Once it became clear that this was not an ordinary interruption to the network, in accordance with best practices, all government network users were immediately directed to disconnect and shut down all devices connected to the network.”
Mr Burt said he had engaged specialist assistance by Thursday evening and that, concurrent with restoration, work was under way to move over to “an enhanced network” within the Government with upgraded security.
Mr Burt, who held the press conference in the Cabinet office flanked by ministers, said the full Cabinet had met four times since Thursday to approve restoration.
Rena Lalgie, the Governor, held a meeting of the Governor’s Council today with the Premier, the Attorney-General, the national security minister and the tourism and Cabinet office minister.
Last week, the Governor said UK security experts were helping the Government with the attack but today the Premier declined to say if they were still assisting.
He added that it would be “inappropriate” for him to discuss what was said in the meeting.
Mr Burt said that just as weekly-paid government workers were paid on Friday and Saturday, monthly-paid employees would have their pay at the end of this week as scheduled.
Transport, education and the hospital were “operating without interruption”, and Mr Burt said the Government was “working on a timeline that persons can follow” for the ongoing restoration.
He said the “next several days will be critical” for recovery and “no resources are being spared”. The Premier said services would come online as soon as it was safe to do so, adding that it would possibly be a couple of weeks before everything was restored.
The Premier addressed his trip to Washington on Friday after the crisis unfolded, saying that “government leadership is not just about the moment but consistently having an eye on the future”.
He said meetings with “key legislators” had in some cases taken “months to secure” and that discussions to “advance direct foreign investment in Bermuda was necessary”.
He said he had remained “fully connected to the issues here at home”.
Mr Burt highlighted that cybersecurity had been moved to the Ministry of National Security by the Government “as we view it as a national security issue much far broader than a technical issue and there has been significant work that has been done”.
He said there were “many ministers around me who have been locked out of their accounts because they haven’t completed the monthly and regular training”.
“So the fact is that we continue to make our systems more strong and more resilient but these are things that have happened in numerous places, cases and instances where there are spaces so we just need to continue the work to make sure we get better.”
Mr Burt said he was “sure” that the IT systems were regularly tested against breaches.
“We constantly review government systems and we constantly make changes,” he said, highlighting investment in improving user awareness as well as security.
He added that back-ups were done “very regularly”, as recently as last Wednesday night.
“Not all government systems were impacted. However, out of an abundance of caution, for containment, government services were taken offline.”
He said a new network was under development, which “might be slow” but had to be done safely.
“For the full functionality that may have existed, we may be talking about a couple of weeks.”
On the issue of potential reputational harm inflicted on a jurisdiction billed as a fintech hub, the Premier said he would not “sugar coat it and say this is something that is not negative”.
“But the fact is, these are things that do happen quite often. This is the nature of IT systems.”
Speaking last Thursday, Mr Burt alluded to other regional governments that had been hit, and said it was likely the attack came from within Russia.
Yesterday he said he would have to check with the person who had spoken with him last week, but that at the time information pointed to “enterprises from that region”.
The Premier was also asked if the island had been targeted by cyberattacks in the past.
“When the extent of the attack became clear, there was a need to take different actions than the responses we took in the past.”