The Tribune

By YOURI KEMP

Tribune Business Reporter

ykemp@tribunemedia.net

A cyber security specialist yesterday said The Bahamas must close “gaps” in its legal and regulatory framework dealing with online crime if it is to strengthen the country's Computer Incident Response Team (CIRT).

Sametria McKinney, national CIRT manager and head of information security at the Central Bank of The Bahamas, told the second annual CIRT stakeholder conference that The Bahamas “doesn’t have the instruments to support” a robust cyber security response in the event of any major attack.

Discussing the need for stronger legislation to deal with cyber crime incidents, she added that the CIRT cannot do this work themselves. Instead, their job is to “drive and co-ordinate" when cyber security laws are enacted, and she called for more action from policymakers.

Ms McKinney said: “We need partners at every level. We need national partners, we need sub-regional partners, we need regional partners, international partners, and we need people who have done this before us and maybe know a little bit more than us in order to help us do this.”

A national CIRT strategy has not been fully developed to the point where it can be presented to the wider public, but there are pieces that have been completed and are being piloted. “We have designed and proposed the strategic committee already. We have done that and, when we were developing the strategy, we said these are some high-level critical action items that we need to pull out because they’re so important," Ms McKinney said.

"Even though the strategy hasn’t been officially approved, some of the work we are already doing.” While the CIRT has been “identified as the national authority”, it has yet to be formally established. Still, it has engaged with CARICOM IMPACS and other regional partners, as well as locally with the various armed services branches and agencies responsible for critical infrastructure.

Ms McKinney said: “It is important for the country to identify in legislation and protect those that we’ve identified. So we want to make sure that we set up a proper regulatory framework around those critical infrastructures so that we can support them, and we can support those essential services that are being offered.”

Financial services industry infrastructure is among the areas that need to be prioritised in combating cyber crime, along with public sector institutions that store sensitive data and information. Recognising what is a cyber incident also needs to be fully established and identified in any legislation moving forward. There also needs to be an education component for incident prevention methods.