Governor Dileeni Daniel-Selvaratnam chaired a special meeting of the Cabinet on Monday, December 30th, 2024, at the Office of the Governor, Leeward Highway, Providenciales.
All members of the Cabinet were present.
External cyber security technical experts and TCIG officials from the Ministry of Finance, DETI, and National Security briefed the Cabinet on the ongoing response.
Summary
On Wednesday, December 18, the Turks and Caicos Islands Government (TCIG) was the victim of a ransomware cyber-attack that resulted in major disruptions to services.
The investigation into the attack continues by external forensic investigators funded by the UK Government.
Due to a number of factors including the heightened threat of attack from malign actors, restoration and recovery is being conducted carefully, balancing the need for access to critical operations against the necessity for the safe restoration of services, appropriately secured against known threats.
TCIG has engaged external cyber security specialists who are taking forward the technical recovery, which is focused on the restoration of essential services. This has included deploying a capability that will manage the detection and response of any malicious activity within the network.
In order to accelerate the restoration of critical services, the relevant business continuity plans are being activated and initially focused on the TCIG financial systems to enable payments. In parallel, work is underway to build alternative systems whilst work is ongoing to restore systems. Additional resources is being sought to accelerate this further and to enhance security measures in the coming weeks.
Recovery and Business Continuity Measures
TCIG is working in collaboration with external forensic investigators and external cyber security specialists who are continuing to work around the clock to investigate the breach, contain the threat, and restore functionality.
Supported by a managed threat response service, all affected systems are undergoing comprehensive assessments to ensure their security before being brought back online and endpoint protection.
To mitigate the immediate impact, business continuity plans are being enacted to manually process outstanding and urgent payments. Priority will be given to the processing of payments prioritized by urgency within the following categories:
– Social Welfare
– Scholarship and Grants
– Healthcare Related Payments
– Cost of Living Program
– Financial Assistance Program
– Community Enhancement Program
– Utility Payments
– Bi-Weekly Employees
– All other approved payments for goods and services
A dedicated resource from the Ministry of Finance is being deployed to process these transactions manually while ensuring compliance with all necessary controls and safeguards. Consequently, non-urgent payments are likely to experience delays.
A detailed report on the nature of the attack and the steps taken to prevent future incidents will be submitted once the recovery process is complete.
The cabinet members were assured that every possible measure was being taken to address the incident comprehensively and ensure ongoing protection.
Cabinet was also advised that several other key databases and applications remain operational. These include:
* Status Cards;
* Passports;
* Elections Database;
* RDS application for Driver’s License;
* BMS Airport passenger processing; and
* ASYCUDA (customs clearance)
Cabinet affirmed its commitment to providing all the resources needed to restore TCIG’s systems, whilst also building resiliency to mitigate against future attacks.
