The weather surprise for tomorrow, what is expected to happen with the temperatures
Pascal Milo seriously accuses the prime minister: Rama lied in the statement he made in Israel, this is what it is about
The man killed the woman with the baby in her belly, shocks the journalist and raises strong questions
Dramatic evening! Messi "KOs" Mexico, Argentina "takes" Poland to the next stage
Murder of a 35-year-old pregnant woman by her husband, urgent call: Women and girls, we are in danger
The protest of December 6, PD clarifies the scenario: How will we face Edi Rama, here is what is expected to happen
Tragedy/ She never got to meet the baby, here are the last words of the 35-year-old before she was killed by her husband: By this child that I have, I am born tonight...
"The police knew about...", the family of the murdered woman revealed new details from the shocking event
KLSH raises the alarm, criticizes the National Agency of the Information Society and makes it responsible for cyber attacks
Written by Sidorela BRAÇJA 28 Shtator 2022
Recently, Albania is facing continuous cyber attacks where sensitive data of Albanian citizens and officials have been leaked. The biggest attack was the one in July of this year, which called into question not only the way the National Agency of the Information Society managed the process of digitization of public services, but also the effectiveness of the costly investments that were made for this purpose. The report of the Federal Bureau of Investigation (FBI) on the investigation of the cyber attack against the Albanian state, came to the conclusion that the attack started 14 months ago. According to the report, the attackers have exploited the weaknesses of the system connected to the ANA and infiltrated the technological infrastructure of the Albanian state. And this raises the question of whether the leadership of AKSHI by Mirlinda Karcanaj has been efficient and whether the process of digitization of public services has been given due importance for the very nature it represents. The High State Control has analyzed the way the process of centralization of public services from government institutions to ANA has been done, highlighting a number of flaws in the role of ANA in this regard. The performance audit of ANA started in 2017, when it was decided that some public services, together with the IT staff and assets of some institutions, were transferred to ANA. Practically, the entire Information Technology network that was decentralized was decided to be centralized by passing into a single hand, to ANA. Legally, AKSHI is responsible for the administration of IT software systems and hardware infrastructure for institutions that are under the responsibility of the Council of Ministers, including for their cyber security. But if you read the report, you come to the conclusion that this process of such great importance has been treated without giving it due importance.
Conclusions of the performance audit by KLSH
The findings are disturbing and raise many questions about the security in which the process was carried out in the period 2017-2020. What has resulted from the audit is that the process of centralizing the structure of ANA has been effective in terms of increasing the number of services, but partially effective in terms of the concentration of human resources and assets. "The process of centralizing the technology infrastructure of Information of AKSHI has resulted in economy, but the results could and should have been higher. Despite all the efforts made, AKSHI has not taken sufficient regulatory and organizational measures for change management. In our judgment, the lack of identification and administration of critical elements in accordance with the provisions of VM no. 673 has made the process of centralization of the structures and infrastructures of the institutions and bodies of the state administration under the responsibility of the Council of Ministers not to be well planned. This process has also influenced the non-maximization of the interaction and cooperation of information systems in relation to the automation and interaction of data" is written in the HSC report.
Një problematikë tjetër shqetësuese për rolin e AKSHI-t është ajo që lidhet me mënyrën sesi ky institucion u jepte zgjidhje incidenteve kibernetike. “Ofruesi i shërbimit (AKSHI) duhet të zotërojë një bazë të dhënash të gabimeve të njohura dhe historikun e incidenteve të mëparshme. Me anë të procedurës së administrimit të problemeve ofruesi i shërbimit (AKSHI) duhet të kryejë analizën e prirjes së informacionit për të identifikuar rrënjët e incidenteve dhe mundësitë për të parandaluar ndodhjen e tyre. Ofruesi i shërbimit (AKSHI) duhet të jetë i disponueshëm për të ofruar shërbim në institucionin përfitues të këtij shërbimi që janë institucionet përfituese. Për plotësimin e këtyre kërkesave thelbësore grupi i auditimit nuk administrojë asnjë dokument që të vërtetonte që këto pika ishin trajtuar. Drejtoritë apo sektorët e TIK të AKSHI-t të atashuar pranë institucioneve i menaxhojnë risqet mbi bazë ngjarjesh. Suporti, mbështetje teknike dhe logjike për operacionet IT kryhen nëpërmjet shkëmbimeve verbale dhe nuk dokumentohen“, shkruhet në raportin e audituesve të KLSH-së. Më tej, në raport, grupi i auditimit e ka konsideruar procesin e qendërzimit të strukturave dhe infrastrukturave TIK në AKSH si një proces dinamik i cili krahas avantazheve paraqet risk të mbartur për sigurinë e informacionit.“AKSHI duke konsideruar procesin e qendërzimit të strukturave dhe Minfrastrukturave TIK në përputhje me VRM 673 datë 22.11.2017 si një proces dinamik të vlerësojë riskun e mbartur që sjell përqëndrimi i këtyre aseteve e burime njerëzore në sigurinë e informacionit dhe marrë masa për minimizimin e tij” përfundonte raporti i KLSH-së. Raporti vlerëson pozitivisht parimin e procesit të qëndërzimit të shërbimeve por vë seriozisht në pikëpyetje seriozitetin me të cilin AKSHI e ka trajtuar këtë proces.