Both the Assistant Minister for Economic Development and the Director of Jersey Cyber Security Centre have highlighted the importance of cyber security to Jersey and the key cyber risks that Jersey faces.
These remarks came during the Channel Islands Cyber Security Conference on Thursday 16 October. Organised by the Channel Islands Information Security Forum (CIISF), the Conference brought together more than 200 cyber security experts and a range of UK and international speakers to discuss the threats facing Jersey, and how the Island can defend itself.
Opening the Conference, Assistant Minister for Economic Development Deputy Moz Scott highlighted how high-profile cyber security attacks against the UK have affected Jersey. In the spring, attacks on the Co-Op and Marks and Spencer led to empty shelves in local supermarkets. Earlier this month, a data leak affecting Renault included the personal data of Islanders.
Also speaking at the conference, Matt Palmer, Director of Jersey Cyber Security Centre (JCSC) highlighted the threats Jersey is facing, including the 44 incidents JCSC has dealt with in the last 12 months.
He also noted the key trends JCSC has seen during that time, include the increasing use of AI by malicious actors to create convincing attacks; the targeting of organisations of a range of sizes and scales; and, the targeting of known vulnerabilities.
In response, he urged local organisations to:
- consider achieving Cyber Essentials accreditation to demonstrate that they are protected against some of the most common threats
- follow the UK Cyber Governance Code of Practice
- report incidents to JCSC
Deputy Scott provided an update on the political response to these challenges. The Cyber Security Policy Framework – which will be published in early November – outlines Jersey’s policy pipeline for developing a skilled cyber security workforce, recognising cyber security as an important driver of future economic growth and improving the Island’s cyber security and cyber resilience overall.
She also provided an update on the Cyber Security (Jersey) Law, which will be lodged with the States Greffe in the coming weeks.
If approved by the States Assembly, the Law will include a requirement for Operators of Essential Services (OES) to report significant cyber security incidents within 24 hours of becoming aware of them. The Law also legally establishes the role of of JCSC as a single point of contact.
Speaking at the conference, Deputy Moz Scott, Assistant Minister for Economic Development, said: “As a Government we are committed to raising the standard of cyber security and cyber resilience of the Island […] we know effective counter action requires a culture change, and we know we can’t do it alone.
“I hope [the cyber security community in Jersey] will continue to help us shape future cyber policy, guidance and legislation that is right and relevant for Jersey. We’re all aware we need to continue to develop these at pace, including the Cyber Security Jersey Law, and the Cyber Security Policy Framework.
“[The Law] is a key step in changing the culture on this Island to one of information sharing and collaboration, with the intent that the Island’s Operators of Essential Services lead by example. Alongside this, the Cyber Security Policy Framework sets out challenging policy aspirations to improve Islanders’ cyber awareness and our cyber security and resilience as a small Island community.”
Matt Palmer, Director of Jersey Cyber Security Centre, said: “We know that malicious attackers don’t stand still: they are constantly developing their methods, techniques and targets to steal data, make money, and cause damage.
“To protect the Island, we need as many organisations as possible to take cyber seriously. Organisations can make themselves less attractive targets: they can achieve a good baseline of cyber security by achieving Cyber Essentials accreditation, and/or meeting the UK Cyber Governance Code of Practice.
“I also urge organisations to report incidents to JCSC in a timely manner, especially if they need help, or if the incident is significant. Knowing about an incident makes it much easier for our team to warn others, and protect the Island as a whole.”
Photo by Paul Wright courtesy of Channel Islands Information Security Forum (CIISF)
link