JavaScript is disabled in your web browser or browser is too old to support JavaScript. Today almost all web pages contain JavaScript, a scripting programming language that runs on visitor's web browser. It makes web pages functional for specific purposes and if disabled for some reason, the content or the functionality of the web page can be limited or unavailable.

Friday, February 21, 2025

CWU agrees TSTT cyber breach report should go public

by

25 days ago
20250127
Communication Workers’ Union secretary general Joanne Ogeer

Communication Workers’ Union secretary general Joanne Ogeer

Asha Javeed

Lead Ed­i­tor In­ves­ti­ga­tions

asha.javeed@guardian.co.tt

Com­mu­ni­ca­tion Work­ers’ Union (CWU) sec­re­tary gen­er­al Joanne Ogeer is sup­port­ing Gov­ern­ment’s de­ci­sion to pub­licly re­lease the Telecom­mu­ni­ca­tions Ser­vices of T&T (TSTT) cy­ber breach re­port.

And she is ques­tion­ing why Min­is­ter of Pub­lic Util­i­ties Mar­vin Gon­za­les and TSTT were is­sued a pre-ac­tion pro­to­col let­ter by for­mer em­ploy­ees.

Her com­ments come af­ter the Sun­day Guardian yes­ter­day re­port­ed that two fired for­mer TSTT ex­ec­u­tives - for­mer chief ex­ec­u­tive Lisa Agard and chief fi­nan­cial of­fi­cer Shi­va Ram­nar­ine - had sent a le­gal let­ter to Gon­za­les last Thurs­day and in­sist­ed the re­port should not be laid in Par­lia­ment.

The for­mer ex­ec­u­tives be­lieve that the re­port, which con­tains po­ten­tial neg­a­tive find­ings on their role dur­ing the cy­ber breach, “is laden with con­jec­ture and is there­fore in­fect­ed with un­law­ful­ness.”

In the le­gal let­ter, sent by at­tor­ney For­tis Cham­bers’ Ka­ri­na Singh, the duo said if they do not re­ceive a favourable re­sponse from Gon­za­les, they will seek leave “to ap­ply for ju­di­cial re­view for an or­der re­strain­ing the pub­li­ca­tion of the re­port on the ba­sis that the pub­li­ca­tion would be il­le­gal, ir­ra­tional and/or pro­ce­du­ral­ly im­prop­er.”

The re­port, which was re­quest­ed by Gon­za­les fol­low­ing the cy­ber breach on Oc­to­ber 9, 2023, was done by in­ter­na­tion­al cy­ber­se­cu­ri­ty firm Kudel­s­ki Group.

“Why the se­cre­cy?” Ogeer ques­tioned in a state­ment to Guardian Me­dia yes­ter­day.

She ob­served that Gon­za­les told the me­dia that noth­ing sur­prised him in the re­port, so she was con­fused about what the for­mer ex­ec­u­tives were try­ing to hide by ask­ing it not be made pub­lic.

“Pre-ac­tion pro­to­col let­ters are just, in the union’s view, a way to stymie the process. If you have noth­ing to hide then do not use the law to block any­thing. Re­veal the re­port,” she said.

Ogeer on­ly cau­tioned against the IT as­pect of the re­port be­ing made pub­lic so as not to com­pro­mise the com­pa­ny. She said the is­sue is ac­count­abil­i­ty and trust and as such, the re­port should be re­vealed and peo­ple be made to ac­count.

Fol­low­ing the cy­ber breach, Gon­za­les or­dered an in­de­pen­dent in­ves­ti­ga­tion in­to the in­ci­dent and gave an un­der­tak­ing that the find­ings would be made pub­lic via the Par­lia­ment.

The Kudel­s­ki re­port is an in­de­pen­dent re­port. Fol­low­ing the breach, TSTT en­gaged the ser­vices of a lo­cal in­de­pen­dent cy­ber­se­cu­ri­ty com­pa­ny, Cy­ber­Eye, which is af­fil­i­at­ed to Cross­word Cy­ber­se­cu­ri­ty Plc in the Unit­ed King­dom, to do a root cause and log analy­sis, se­cure re-en­able­ment, as­sess the ef­fec­tive­ness of TSTT’s cy­ber­se­cu­ri­ty con­trols for pro­tect­ing its in­for­ma­tion as­set against cy­ber threats and, fi­nal­ly, threat mon­i­tor­ing and de­tec­tion as part of its in­ter­nal in­ves­ti­ga­tion.

Agard and Ram­nar­ine ar­gue that Kudel­s­ki failed to give con­sid­er­a­tion to those re­ports which were com­plet­ed.

On Sat­ur­day, Gon­za­les said the re­port took too long, but in­sist­ed it would be made pub­lic al­though he could not give a def­i­nite date. He said it was sent to the Na­tion­al Se­cu­ri­ty Coun­cil for re­view.

“When the re­port is laid, the coun­try will see some of the key rec­om­men­da­tions as to what TSTT needs to do to boost its cy­ber­se­cu­ri­ty. I can al­so say that TSTT has done a lot of work in the last year to com­ply with some of the rec­om­men­da­tions in the re­port,” he said.


Related articles

Sponsored

Weather

PORT OF SPAIN WEATHER

Sponsored