The Tribune

By YOURI KEMP

Tribune Business Reporter

ykemp@tribunemedia.net

A Bahamas-based cloud services provider yesterday said developing a comprehensive national response strategy to deal with cyber security breaches can be “complicated” and “take years”.

Scott MacKenzie, Cloud Carib's chief executive, told Tribune Business that forming a Computer Incident Response Team (CIRT) national strategy is “very complicated” because multiple factors must be considered.

“It definitely takes years for governments and nation states to develop that as a practice, because it’s not really building out like a company or a business; it’s really more like being a broker and managing relationships with carriers and service providers and public emergency response services and things like that, our police force and law enforcement. So it’s very, very complicated what they’re trying to achieve," he explained.

The Bahamas' CIRT strategy has not been developed to a point where it can be presented to the public because it is still being developed. There are also gaps in the cyber security legislative framework that currently prevent the national strategy from being fully realised.

Mr MacKenzie said: “CIRTs are typically used as both reactive and proactive [measures], so it would typically work with the Office of the Attorney General and law enforcement to bolster policy and generate policy and legal reform, but also at the same time be used to set up what happens in the event of an incident or when there is a response to it.

“For example, if the hospital got hacked or their equipment got malware or something like that, the police would have to come in and do an investigation. So it’s not as simple as saying you have an IT problem because you have to follow the chain of evidence for the IT infrastructure, so it’s a very complicated procedure.”

Part of this complication involves taking snapshots of IT systems before they are breached, so investigators can have something to compare before and after any cyber breach occurs. This can become a “long and lengthy legal process", which has “to be followed from a cyber response perspective”, Mr MacKenzie added.

“I’ve been through a couple of cyber incidents like that in my lifetime, and usually it's 24 to 72 hours that people are actually in data centres just to actually do the evidence and information gathering because of the activity that happened," he recalled.