NIDS boss says system will avoid security risks
Thursday, March 04, 2021
BY BALFORD HENRY
Programme director of the National Identification System (NIDS), Warren Vernon, on Tuesday assured members of the joint select committee (JSC) reviewing the legislation that he is confident in the standards being followed to avoid security risks.
“We are going by standards. We are not saying that there are no risks. Every single system we have, there are risks connected to those systems. But, once you abide by the standards they will protect you,” Vernon, who has been in charge of the NIDS process for the past three years, told the committee.
He said that it is important to know that when the NIDS system is implemented, it will be compliant with the National Institute of Standards and Technology Cybersecurity Framework (NIST-CSF), which he described as “a very strong cybersecurity framework”.
He stated that it is very important for the public to know that, additionally, the components will be compatible with the cybersecurity maturity model certification before it goes into production mode.
“We would have developed from day one our security guidelines. We refer to them in IT as acceptable security guidelines, and those are the guidelines we consider to be the bible that our people are using every day to make decisions,” he said, noting that the ISO 27 100 series has already set standards for information security.
He said that the system will also depend a lot on Control Objectives for Information Technologies (COBIT 5), in terms of the governance and security by design. COBIT 5 is a framework used for the governance of enterprise IT that supports business objectives of an organisation. The COBIT framework can be used in any organisation across industries that guarantee quality, control, and reliability.
“We were always thinking about risks. From day one, I recall when we started defining the process and we went to tender and they moved to evaluate the bidders. We immediately asked for the top three bidders and spent a lot of money to do a global scan, a due diligence report on the consortium,” he told the committee.
“We knew every single thing about them and all of the risks before we got in, so we are managing risks from day one; because all of this is really about risks management and once you abide by the standards, it is very unlikely that you are going to be in trouble,” Vernon assured.
He insisted, however, that the security details were not meant for a public forum, and suggested a private meeting of the committee to go into the details of what has been happening in the background regarding the security measures around the NIDS project.
He said that while there may be a need to provide comfort for those concerned about the safety of the system, sharing security information in a public domain could also mean providing more details to an attacker which could make the system vulnerable to being hacked.
However, he promised ongoing checks and certification as the programme develops, and said that he welcomed the need to protect individuals. He also called for a collective response to the rigours of introducing the measures.
Vernon received support from both the chairman of the JSC, Justice Minister Delroy Chuck, and Minister of Foreign Affairs and Foreign Trade Senator Kamina Johnson Smith.
Senator Johnson Smith noted that there will be no information in the public domain, as NIDS is not a public database.
“In any event it is not a public system and will in fact have the highest level of security. In fact, several layers of security are already embedded and being readied for the system,” she said.
Chuck, meanwhile, agreed that there could be the need for an in camera meeting of the committee, at which time members would be able to get more details on the security structure and effectiveness of the system.
The committee also heard submissions from members of the seven-year-old investigative police body, Major Organised Crime and Anti-Corruption Agency, as well as the Ministry of National Security.
The JSC will meet again on Wednesday, March 10. However, Chuck said the upcoming meetings may have to be virtual ones as Parliament commences a detailed review of the 2021/22 budget starting with yesterday's meeting of the Standing Finance Committee at Gordon House.