With the Government of Jamaica making grand plans to build out various cyber-physical systems architecture like the National Identification System (NIDS), there has to be increased caution on the approach, ensuring that our efforts are deliberate.

Globally, malware attacks are on the rise and efforts should be made to ensure that NIDS is modelled as a Zero Trust Network Architecture. The assumption that a data centre's systems and traffic can be trusted is flawed. In short, all networks are subject to hostile attacks, and we have seen this more than ever since the pandemic. Modern networks and usage patterns no longer echo those that made the traditional perimeter defence as safe as it was years ago.

It would be foolhardy to think that Jamaica's national cybersecurity infrastructure is safe and will not be subject to hostile attacks. Against this background, NIDS and other similar large scale digital infrastructure projects that leverage the country's telecommunications provisions must now step forward and embrace the philosophy of what obtains within a Zero Trust Network. The basic assumptions of the Zero Trust Network environment are:

• The network is always assumed to be hostile.

• External and internal threats exist on the network at all times.

• Network locality is not sufficient for deciding trust in a network.

• Every device, user, and network flow is authenticated and authorised.

• Policies must be dynamic, and calculated from as many sources of data as possible.

Over the last few years and particularly since the pandemic, these digital networks have come under increasingly more brutal malware attacks, either for exfiltrating data or simply compromising the network operations entirely as a “distributed denial of service attack”. The recent Colonial Pipeline ransomware attack in the United States demonstrates the very nature of this hostility. There is a lot more that may not be getting the media spotlight. Our local banks over the last two years, by my observation, have come under increasing attack based on their public disclosure.

We should undertake cybersecurity infrastructure protection as a large scale national effort and be proactive about it in the face of the imminent threat. Governments, business operators, academic institutions must realise that as these hostile malicious attacks persist, the threat vectors have increased. A concerted national education programme and training to include the likes of the tertiary institutions, government, small and medium-size organisations will be required to thwart such attacks.

Professor Sean Thorpe, PhD

Head of School of Computing and Information Technology

The University of Technology, Jamaica (UTECH)

Immediate Past Paper President – Jamaica Computer Society