Minister of Public Housing, Spatial Planning, Environment and Infrastructure VROMI Egbert Doran.
~ To be outsourced ~
PHILIPSBURG--No in-depth audits were conducted on the information technology (IT) infrastructure network of utilities company GEBE, Minister of Public Housing, Spatial Planning, Environment and Infrastructure VROMI Egbert Doran told Members of Parliament (MPs) on Friday. The audits will have to be outsourced.
Doran was responding at the time to questions from Party for Progress (PFP) MP Melissa Gumbs during the legislature’s Question Hour.
“It should be noted that the Internal Audit Department over the past years has submitted their internal audit plans in which the ICT [Information and Communications Technology – Ed.] Department was subject to be audited. It should also be noted that the Internal Audit Department does not have the capability to audit said processes, as the department does not have an EDP [Electronic Data Processing] IT auditor.
“As a result, the IT audit will have to be outsourced. The necessary preparation was made; however, approval remains pending,” Doran told MPs.
“No in-depth audits were conducted over GEBE’s IT infrastructure network,” he added.
He said it is management’s intention that consulting assignment would be the most appropriate alternative at the time, considering the implementation of cybersecurity and the fact that GEBE’s IT process was never audited other than the IT process that impacted the financial statements. “To further elaborate, the advantage of consulting assignment – it will be an internal document, basically the starting point for NV GEBE where findings and risks can be identified and recommendations can be implemented.”
Asked whether there has ever been a project-based plan to migrate the company information, Doran said: “In good effort of transparency, the current management is not aware if there was any other plan.
“However, GEBE is basically now in line with cybersecurity best practices, but most important to note is that GEBE is very cognisant that this ever-changing landscape means that we have to continue to evolve and keep the pace in order to ensure that we are always protecting our data – the integrity of our data – and also our digital assets.”
As it relates to the company’s business continuity and disaster recovery solution, he said a new data backup and Business Continuity and Disaster Recovery (BCDR) solution was implemented at GEBE that takes incremental snapshots of select servers throughout the day and backs up the data to the new BCDR device with cloud-based replication to two geographical US-based data centres in Pennsylvania and Utah.
“Furthermore, the solution has built-in ransomware detection and backup validation. If the protected server fails, it can be virtually restored on the local device or a cloud in the worst-case scenario.”
On the issue of disciplinary measures, he said government would have to enquire with the Supervisory Board of Directors whether disciplinary measures need to be applied in this situation. He indicated that training is taking place with staff in the ICT Department and in other departments as it relates to the attack the company experienced.