Asha Javeed

Lead Ed­i­tor In­ves­ti­ga­tions

asha.javeed@guardian.co.tt

Com­mu­ni­ca­tion Work­ers’ Union (CWU) sec­re­tary gen­er­al Joanne Ogeer is sup­port­ing Gov­ern­ment’s de­ci­sion to pub­licly re­lease the Telecom­mu­ni­ca­tions Ser­vices of T&T (TSTT) cy­ber breach re­port.

And she is ques­tion­ing why Min­is­ter of Pub­lic Util­i­ties Mar­vin Gon­za­les and TSTT were is­sued a pre-ac­tion pro­to­col let­ter by for­mer em­ploy­ees.

Her com­ments come af­ter the Sun­day Guardian yes­ter­day re­port­ed that two fired for­mer TSTT ex­ec­u­tives - for­mer chief ex­ec­u­tive Lisa Agard and chief fi­nan­cial of­fi­cer Shi­va Ram­nar­ine - had sent a le­gal let­ter to Gon­za­les last Thurs­day and in­sist­ed the re­port should not be laid in Par­lia­ment.

The for­mer ex­ec­u­tives be­lieve that the re­port, which con­tains po­ten­tial neg­a­tive find­ings on their role dur­ing the cy­ber breach, “is laden with con­jec­ture and is there­fore in­fect­ed with un­law­ful­ness.”

In the le­gal let­ter, sent by at­tor­ney For­tis Cham­bers’ Ka­ri­na Singh, the duo said if they do not re­ceive a favourable re­sponse from Gon­za­les, they will seek leave “to ap­ply for ju­di­cial re­view for an or­der re­strain­ing the pub­li­ca­tion of the re­port on the ba­sis that the pub­li­ca­tion would be il­le­gal, ir­ra­tional and/or pro­ce­du­ral­ly im­prop­er.”

The re­port, which was re­quest­ed by Gon­za­les fol­low­ing the cy­ber breach on Oc­to­ber 9, 2023, was done by in­ter­na­tion­al cy­ber­se­cu­ri­ty firm Kudel­s­ki Group.

“Why the se­cre­cy?” Ogeer ques­tioned in a state­ment to Guardian Me­dia yes­ter­day.

She ob­served that Gon­za­les told the me­dia that noth­ing sur­prised him in the re­port, so she was con­fused about what the for­mer ex­ec­u­tives were try­ing to hide by ask­ing it not be made pub­lic.

“Pre-ac­tion pro­to­col let­ters are just, in the union’s view, a way to stymie the process. If you have noth­ing to hide then do not use the law to block any­thing. Re­veal the re­port,” she said.

Ogeer on­ly cau­tioned against the IT as­pect of the re­port be­ing made pub­lic so as not to com­pro­mise the com­pa­ny. She said the is­sue is ac­count­abil­i­ty and trust and as such, the re­port should be re­vealed and peo­ple be made to ac­count.

Fol­low­ing the cy­ber breach, Gon­za­les or­dered an in­de­pen­dent in­ves­ti­ga­tion in­to the in­ci­dent and gave an un­der­tak­ing that the find­ings would be made pub­lic via the Par­lia­ment.

The Kudel­s­ki re­port is an in­de­pen­dent re­port. Fol­low­ing the breach, TSTT en­gaged the ser­vices of a lo­cal in­de­pen­dent cy­ber­se­cu­ri­ty com­pa­ny, Cy­ber­Eye, which is af­fil­i­at­ed to Cross­word Cy­ber­se­cu­ri­ty Plc in the Unit­ed King­dom, to do a root cause and log analy­sis, se­cure re-en­able­ment, as­sess the ef­fec­tive­ness of TSTT’s cy­ber­se­cu­ri­ty con­trols for pro­tect­ing its in­for­ma­tion as­set against cy­ber threats and, fi­nal­ly, threat mon­i­tor­ing and de­tec­tion as part of its in­ter­nal in­ves­ti­ga­tion.

Agard and Ram­nar­ine ar­gue that Kudel­s­ki failed to give con­sid­er­a­tion to those re­ports which were com­plet­ed.

On Sat­ur­day, Gon­za­les said the re­port took too long, but in­sist­ed it would be made pub­lic al­though he could not give a def­i­nite date. He said it was sent to the Na­tion­al Se­cu­ri­ty Coun­cil for re­view.

“When the re­port is laid, the coun­try will see some of the key rec­om­men­da­tions as to what TSTT needs to do to boost its cy­ber­se­cu­ri­ty. I can al­so say that TSTT has done a lot of work in the last year to com­ply with some of the rec­om­men­da­tions in the re­port,” he said.