Turks and Caicos Islands – Governor, Her Excellency, Dileeni Daniel-Selvaratnam, chaired a special meeting of Cabinet held on Monday, 30th December 2024 at the Office of the Governor, Leeward Highway, Providenciales.
All members of Cabinet were present.
The Cabinet were briefed on the ongoing response by the external cyber security technical experts and TCIG officials from the Ministry of Finance, DETI and National Security.
Summary
On Wednesday 18 December, the Turks and Caicos Islands Government (TCIG) was the victim of a ransomware cyber-attack resulting in major distribution to services.
The investigation into the attack continues by external forensic investigators funded by the UK Government.
Due to a number of factors including the heightened threat of attack from malign actors, restoration and recovery is being conducted carefully, balancing the need for access to critical operations against the necessity for safe restoration of services, appropriately secured against known threats.
TCIG has engaged external cyber security specialists who are taking forward the technical recovery, which is focused on the restoration of essential services. This has included deploying a capability that will manage the detection and response of any malicious activity within the network.
In order to accelerate the restoration of critical services, the relevant business continuity plans are being activated, initially focused on the TCIG financial systems to enable payments. In parallel, work is underway to build alternative systems whilst work is ongoing to restore systems. Additional resources are being sought to accelerate this further and to enhance security measures in the coming weeks.
Recovery and Business Continuity Measures
TCIG is working in collaboration with external forensic investigators and external cyber security specialists who are continuing to work around the clock to investigate the breach, contain the threat and restore functionality.
Supported by a managed threat response service, all affected systems are undergoing comprehensive assessments to ensure their security before being brought back online and endpoint protection.
To mitigate the immediate impact, business continuity plans are being enacted to manually process outstanding and urgent payments. Priority will be given to the processing of payments prioritised by urgency within the following categories:
- Social Welfare
-
Scholarship and Grants
-
Healthcare Related Payments
-
Cost of Living Program
-
Financial Assistance Program
-
Community Enhancement Program
-
Utility Payments
-
Bi-Weekly Employees
-
All other approved payments for goods and services
Dedicated resources from the Ministry of Finance are being deployed to process these transactions manually while ensuring compliance with all necessary controls and safeguards. Consequently, non-urgent payments are likely to experience delays.
A detailed report on the nature of the attack and the steps taken to prevent future incidents will be submitted once the recovery process is complete.
Cabinet were assured that every possible measure was being taken to address the incident comprehensively and ensure ongoing protection.
Cabinet was also advised that several other key databases and applications remain operational. These include:
- Status Cards;
- Passports;
- Elections Database;
- RDS application for Driver’s License;
- BMS Airport passenger processing; and
- ASYCUDA (customs clearance)
Cabinet affirmed its commitment to providing all the resources needed to restore TCIG’s systems, whilst also building resiliency to mitigate against future attacks.