Gov't says no JamCOVID data exfiltration, database to be moved
The investigation into the JamCOVID app has revealed that while there is evidence of unauthorised access, there is "no evidence of data exfiltration."
In a statement today, the Office of the Prime Minister (OPM) indicated that the probe by the multi-agency cyber analysis team is ongoing and the public will be advised further as the investigation progresses.
"While we acknowledge that there may be persons acting without malicious intent, Jamaican law requires that all instances of unauthorised access be investigated and, in fact, this would be the only way we could determine whether the access was malicious or not. The authorities have reached out to our overseas law enforcement partners for support," said OPM.
While the investigation continues, the Government says it is accelerating plans that were already underway to migrate the JamCOVID database.
"The cyber analysis team has undertaken a comprehensive review of security of the application and related databases and, in conjunction with the developer, significantly hardened the security of the system. The JamCOVID application continues to be a critical element of our controlled entry programme and has served us well in our management of the pandemic. We wish to reassure the public that the JamCOVID application is safe for use."
The government is also accelerating plans to boost the country's cybersecurity to make it more resilient.
This includes bringing the new National Cybersecurity Strategy to Cabinet in the second quarter of the upcoming fiscal year; launching a new Cyber Academy; and intensifying cross-agency cooperation.
This was revealed at the monthly National Security Council (NSC) meeting held earlier today, chaired by Prime Minister Andrew Holness.
The statement said already, the multi-agency cyber analysis team, including eGov, the Cyber Incident Response Team of the Ministry of Science, Energy and Technology, Major Organized Crime and Anti-Corruption Agency, and Communications Forensics and Cybercrimes Division of the Jamaica Constabulary Force, is in place and conducting critical assessments of the existing cyber landscape.
The Government will also be undertaking comprehensive review of security on all Government websites and networks to ensure compliance with international standards and best practices.
This process is underway with 162 website reviews completed and another 100 in progress to date.
"Any credible vulnerabilities that are identified are concurrently being rectified."
The Government said it wishes to assure the public that it is sensitive to the legitimate fears and concerns around data privacy and protection and is committed to pursuing a comprehensive approach to system-wide strengthening of [processes] as the country moves toward the creation of a digital society.
"It has been assessed that over the past few weeks there have been increasing instances of malicious cyber activity directed at both Government and private entities. We therefore urge the public to exercise greater care and vigilance through being on the lookout for phishing scams, properly securing and changing passwords, etc."
It added: "Cyber threats are real, we see that daily not only in Jamaica but in all countries. No one is immune. The most secure systems in the world have had security issues which have required remediation and strengthening. As a society, we have to recognise that these threats represent an inherent risk in the new digital world. Ultimately, this risk cannot be completely eliminated. Digital technology works because it is open, and that openness brings with it risks. What we can do is build our capacity to address and mitigate the risks."
Follow The Gleaner on Twitter and Instagram @JamaicaGleaner and on Facebook @GleanerJamaica. Send us a message on WhatsApp at 1-876-499-0169 or email us at firstname.lastname@example.org or email@example.com.