Prague, July 29 (CTK) – Czech ministries do not have control over their own IT systems that are administered by private firms, and this makes them an easy target for enemy hackers, daily Mlada fronta Dnes (MfD) wrote on Saturday, citing the National office for cyber and information security’s secret report.
The Czech government asked the office to work out this report after it turned out that still unknown hackers broke into the system of the Foreign Ministry and had access to communication between top diplomats and data about Czech allies for several months, MfD writes.
However, cabinet members and top officials realised thanks to this hacking attack that the threat is real and something needs to be done about it. As a result, the experts who should protect the state against possible cyber attacks thoroughly checked the computer systems of all Czech ministries.
The report concluded that the situation is very bad, the paper writes.
Some ministers outsourced the administration of their data in such a way that they have little influence on their own information systems, National office for cyber and information security’s director Dusan Navratil told the paper.
“The ministries rely on these IT companies and they are afraid of cancelling the disadvantageous contracts. In some cases one might almost say that the companies blackmail them,” Navratil said.
Due to this, Navratil’s office cannot guarantee that the ministerial databases would be sufficiently protected against hacking. These databases often include data that are crucial for millions of people and for the security of the country.
Navratil said a hacker who wanted to damage a country might for example break into its system of pension insurance payments and start changing data in it. If the hacker managed to do this for some time without being revealed, the reserve data would be changed as well and the whole system would stop functioning, he said.
Navratil said one of the ministries even outsourced discs on which it stored its data. Two of these discs, with e-mail communication, disappeared in the United States before the experts had time to prevent it, he said.
The Czech state will have to pay billions of crowns to regain control over the key data and avoid similar threats, MfD writes.
The Labour and Social Affairs Ministry has been dependent on an IT company that never took part in any tender and it pays half a billion crowns a year for the administration of its databases. The ministry would like to switch to a new system that is much cheaper, but the company blocks the introduction of the new system.
The company dismissed this and said the new system seems to be more difficult than the ministry and the newly selected firms expected it to be, the paper writes.
Deputy Labour Minister Robert Baxa, in charge of IT affairs, said the ministry is in fact trapped.
MfD reminds of the case in which two Swedish ministers had to leave the cabinet earlier this week because the state gave key powers to private companies and their employees had access to two secret databases of the Swedish police. This case concerned Czech employees of the IBM company.