No breaches of IT networks, says PICA boss
Chief executive officer (CEO) of the Passport, Immigration and Citizenship Agency (PICA), Andrew Wynter, says an auditor general’s assessment last year did not identify any unauthorised access to any of the agency’s secured information technology (IT) networks.
He was fielding questions from members of the Public Accounts Committee (PAC) in Gordon House on Tuesday.
Wynter appeared before the parliamentary oversight committee to respond to issues highlighted in the auditor general’s audit of PICA.
In the report that was tabled in Parliament last year, Auditor General Pamela Monroe Ellis said that PICA’s management did not establish the relevant structures and processes to ensure the oversight of the information and communication technology (ICT) function and management of IT risks within the agency.
She also pointed out that the absence of formal access-control policies and procedures at the agency heightened risks of security breaches from abuse and unauthorised use of PICA’s information assets.
Commenting on PICA’s IT security architecture, Wynter said that all the agency’s systems are part of a closed network. He explained that all the servers at the agency are on location and are protected by firewalls and other systems that will reduce to “an absolute minimum” any access to them.
“We have done several checks over the years, and this is one of the things to ensure that our networks and the security system for all our systems are kept in a very sterile environment. Only ICT personnel have access to them,” he said.
Monroe Ellis had recommended that PICA establish a committee that focuses specifically on IT risks. That suggestion was accepted and implemented by the agency with effect from August 2021.
Meanwhile, the Major Organised Crime and Anti-Corruption Agency (MOCA) has completed its review of the ICT systems of PICA.
Last September, National Security Minister Dr Horace Chang had asked MOCA to carry out the review in the wake of the auditor general’s report.
Wynter told PAC members on Tuesday that PICA had received a report from MOCA. He said the findings were now being reviewed by the passport agency.
“PICA has a number of databases and it is important that we protect the identity of everyone, so MOCA’s support, the auditor general’s support, have all been taken on board by the agency to ensure that we provide a very robust framework and system, to ensure the protection of the identity of persons and the systems for the agency,” he said.