Cyberattacks on AutoExpreso and the UPR expose the vulnerability of Puerto Ricos government systems

The vulnerability of the Puerto Rico government systems was proven this weekend, after an attack was perpetrated on the AutoExpreso platform , managed by a private operator, a situation that could have exposed confidential information of the thousands of citizens who use that service.

“In our monitoring systems, all these attacks have tripled, and we are looking at them. We are putting all prevention systems into effect and we are monitoring, being proactive in the agencies,” said Ngai Oliveras , the government’s main Cyber ​​Security official, who attributed the rise in this type of alerts, in part, to the conflict between Russia and Ukraine.

Despite the fact that three years ago the government had the Office of Puerto Rico Innovation and Technology Service (Prits), it was not until April of last year that the agency issued administrative order PRITS -2021-001 to establish the cybersecurity program of the government , which includes, among other things, the development of public policy to address this absence of claws on systems managed by third parties.

The administrative order, explained Nannete Martínez , interim director of Prits, requires companies that offer services to agencies that the technology they use be owned by the government and “residing” or kept in the “hosting” of the government, which can be clouds or servers. “We greatly favor the use of the cloud, above all, for what has to do with citizen services ,” said Martínez.

These private operators must also be certified by a security accrediting agency that guarantees the State that they have the minimum controls required so that events like this cyberattack do not happen…. (Excerpt from El Nuevo Dia)