The entry point for the cyber attack on the Protection and Rescue Administration’s information system on August 17 last year was an employee’s private computer. They have not yet determined who is responsible.
The members of the parliamentary committee for defense got acquainted with the minutes of the completed inspection and the audit report of risk management and compliance of the information and communication system for protection against natural and other disasters in the Administration for Protection and Rescue (URSZR), which was carried out by the internal audit service of the Ministry of Defence.
Medved: The system has been unsustainable for several years
Secretary of State at the Ministry of Defence Rudi Medved pointed out that the attack on the URSZR system, which is one of the three pillars of national security, was facilitated by the fact that the URSZ did not plan, build or maintain the system for many years. Projects remained unfinished or were not started at all, and planned financial resources for updating the system remained unrealized. In 2020, 400,000 euros were allocated for this, in 2021, 150,000 euros, and in 2022, 800,000 euros, stated Medved. The responsibility for the attack rests with the previous director Dark Butwhich undoubtedly comes from the documents, he added.
According to Medved, the entry point of the attack was the private computer of one or two employees who accessed the system from home without formal authorization, and until this moment it is not clear who granted them these rights in the first place. “We haven’t even been able to find out who is responsible at this point,” he said. That it was “original sin” attack, also said the Acting General Director of the URSZR Leon Behin. It was an extortion virus that did not reach high values on the dark web, he explained.
Behin highlighted the shortage of personnel in the field of cyber security and the obsolescence of technology. The protection and rescue operation system has been severely curtailed and affected, but the 112 number is practically working at full scale and there should not be any differences due to the cyber attack, he said. Also, no personal data should have been stolen as a result of the attack, he asserted. He said that they have implemented most of the recommended measures, including multi-level passwords, but for some they need to find an external contractor. A special assessment of the damage has not yet been realized.
Member of Parliament SDS– a Žan Mahnič pointed out that the meeting should be closed to the public and that he hoped “so that those who would like to pester us don’t look at us”. According to him, the responsibility for the attack is not only with Bhutto. He pointed out that everyone accesses the work system from home via the home internet network. It will also be clear that access to the user name and password for the Spin application was publicly known, he said.
Member of Parliament NSi– yes Matej Tonin but he believes that this time it was the defense committee “a counter offensive to what the Security and Intelligence Oversight Commission is doing”. “Alleged Cyber Attack” was, in his opinion, only “dirty game”, with which they replaced the then general manager But. That there was this affair “staged”in his opinion, proves that the security service of the Ministry of Defense was involved in this.
“Tonin really likes spy stories,” however, Medved responded to the accusations and labeled them as “peak of imagination”. “They want to make an affair out of something that we all see as a problem and the need to strengthen information security,” he added.
Video: Defense Committee meeting recording