The IT Services Department has been working at a feverish pace since last Wednesday to safely bring the Land Registry Portal back into operation and offer all services to citizens, reports Sigma's journalist, Yiannis Selinopoulos.
The cyberattack by sophisticated hackers who demanded a ransom to unlock government agency data inevitably brought to light two key questions:
How secure are government agencies more broadly against these types of attacks today?
Who bears the responsibility for the now proven low level of cyber security of government services?
Sigma asked specific questions to the political Head of the Digital Security Authority, Commissioner of Electronic Communications, Giorgos Michailidis, about the Land Registry case.
The answer was that, two days ago, a decision was made not to make relevant public statements.
When asked whether or not the Digital Security Authority is responsible for what happened in the Land Registry, he was clear: "The Digital Security Authority sets the Principles and the relevant framework. The extent to which these Principles are followed is up to the IT Services Department and the government agencies themselves."
When asked if they followed the framework of the Digital Security Authority, he replied that "we follow, in the land information system there are IT Services Department officials who have been working since the system started, since 1999 we have IT Services Department officials, it used to be called IT Service, who are with us, and they help us and together we proceed to see how we will strengthen our security, certainly taking into account the suggestions of the Digital Security Authority and the Deputy Ministry of Digital Policy, if we go this way. I would not like to go into details at this stage."
Since yesterday, Sigma has been trying to contact the Director of the IT Services Department to investigate the matter, but without a response.
But how can anyone lay all the blame on the Department of IT Services, when the Branch Committee of the Department of IT Services itself has been sounding the alarm for years and issued a relevant announcement yesterday?
Last Wednesday's attack on the Land Registry could happen at any other government agency.
The cyberattack confirms the fears and concerns of the staff of the IT Services Department about the dangers that lie ahead and about the smooth operation of the Government's information systems.
The Branch Committee of the Department points out that it has been sounding the alarm for years about the problem of understaffing, which inevitably has an impact on the quality of service it offers to the entire Public Service.
"I have the impression that it is not only about the Land Registry, but about all the services of the State, and I am sure that the appropriate measures will be taken to strengthen the cyber security, if you like, especially of the state sector."
It is clear that the understaffed IT Services Department must now upgrade cyber security not only at the Land Registry, but gradually across the entire Civil Service, all parts of which are at risk from hackers.
According to internet security expert Dino Pastos, "if an agency or government agency doesn't have the right staff who are skilled enough to do these things, then it's going to take a lot longer to get a service back."
If one looks carefully at the main page of the IT Services Department website, one will see that on January 27, 2023, qualified candidates are requested to fill 9 Fixed-term Employee positions.
If one does the same on the website of the Digital Security Authority, one will see that the Authority offers 20 permanent positions to strengthen it:
18 permanent Engineer positions, 1 position of Senior Technical Sector Engineer, and 1 position of Senior Regulatory Engineer Sector.
But even if the staffing gaps are filled, will it be enough? Are the staff of digitized government services, such as the Land Registry, properly trained? According to Mr. Pastos, "in conjunction with the training of the human factor, i.e. to be informed about the types of attacks, the ways in which the attacks are carried out, what to open, what not to open in attached messages, in general the practices that a company must follow in order to keep all its staff updated at regular intervals, and at the same time install various security policies."
This is all about prevention. But what about treatment? The solution noted by the experts is to keep files that are not connected to the same network so that they are not infected by the cyberattack. Mr. Pastos emphasizes that "in short, if there is a file today in a business and the building burns down and he can then go to that file to retrieve it, then that means a real file. In other words, to be able to have a file which, no matter what happens in the space you are in, or in the network you are in, will not be affected."
According to information from Sigma, in the last 24 hours, Cypriot private companies have also suffered cyberattacks for ransom similar to the one on the Land Registry.