Ministry of Research lacks staff to prevent cyberattacks, reveals audit committee

The junior ministry of research and innovation has no staff in place to prevent a cyberattack, it emerged on Thursday at the House audit committee.

The statements came from the deputy minister himself Philippos Hadjizacharias, who also told MPs that if government portals were hacked again, “all we would be able to do is cover our backs.”

It also emerged that to date, no assessment has taken place on the wider economic impact of the recent hacks, beyond the measurable cost of data recovery.

Taking queries from lawmakers, Hadjizacharias said that to his knowledge, no payouts were made to the hackers who had asked for ransom.

Jumping in, auditor-general Odysseas Michaelides said it should go without saying that no ransom was paid since no funds are set aside for this.

Had any such payouts been done, without any funds earmarked, it would have been illegal.

During the session, deputy committee chairman and Diko MP Chrisis Pantelides along with Dipa MP Alekos Trifonides, said the government had not paid any money in the recent attacks against the land registry, the University of Cyprus and Open University of Cyprus.

Nonetheless, the cost of recovering the data for the digital security authority amounted to €170,000, for the Open University €105,000 and the University of Cyprus €85,000.

“The goal is, seeing as we know what the problems are and what we have to do, we have to implement the government cyber security action plan,” Hadjizacharias told MPs.

Police have not yet managed to track down the perpetrators, he added.

The deputy minister sought to stress that no data had been stolen from the land registry cyberattack, which was different than the case of the Open University, where personal information was subsequently leaked online.

Where the servers are concerned, Hadjizacharias confirmed they are waiting for Cyta, and once the company is ready, the servers will be moved away from the finance ministry, where a number of them went down in April after a water leak.

Asked for a timeframe, the deputy minister said it would certainly be before winter.

Disy MP Savia Orphanidou said that hacks are a new dangerous form of warfare, accompanied by high economic costs.

Beyond the financial burden of the consequences, there is also the impact on Cyprus’ reputation and trustworthiness, with a likely effect on future investments, she added.

Akel deputy Christos Christofides said the recent hacks proved that Cyprus is simply not ready as a country to handle matters of digital security.

A finance ministry rep said that they don’t have an economic impact assessment in relation to the cyberattacks.

“As far as I know, no such assessment has taken place. The relevant departments will brief the [finance ministry]. If they come with suggestions, we’ll try to solve the issue so as to prevent the economy from being weighed down.”