Tuesday, 18th November 2008 - 22:22CET
MITTS board decides not to renew CEO's contract
The board of MITTS, the government IT agency, has decided not to renew the contract of the Chief Executive, Alex Attard, when it expires next month.
The decision was taken after a breach of important servers, even though an external review team concluded that no penetration was made of core systems, including e-mail accounts.
A letter by the board tabled in Parliament this evening says that although the team’s findings showed that Mr Attard acted in good faith, it was his responsibility to ensure that the necessary technological measures were utilised and also to advise the board of any risk exposures due to any lack of adequate implementations.
The board noted that as explained by the External Review Team, “Mr Attard’s reaction towards the containment of the risk was expected to be much more effective, particularly when it transpired that Mr Attard did not support the recommendation for an early forced password change which would have mitigated the risk exposure to an enormous extent.”
The board recognised the sterling service given to MITTS by Mr Attard but decided that in view of the review team’s findings, it would not renew his contract.
The board also noted the responsibilities of Mr Enrico Nardelli, then departmental manger of service management, saying the team's findings suggested that measures which could have avoided the incident were clearly within his control. It said Mr Nardelli had given the CEO wrong technical advice regarding the success or otherwise of the breach which led to the board not being aware of the success of the breach for three weeks. However Mr Nardelli had since resigned and no action could be taken against him.
With regard to Mario Spiteri, department manager of the Information Security and Risk Management Department, the board said his reaction to the incident were unfocused and misguided. It appreciated his hard work and commitment and decided that he should revert to his previous position in the company.
The board itself again offered to resign but the offer was rejected by IT Minister Austin Gatt.
The review team in its findings reported, among other things, an ‘inexplicable failure’ to implement two-factor authentication for users with administrator privileges on the Active Directory servers, saying this would have prevented the breach from happening.
It also noted a failure to remove LM Hash on Active Directory servers, at least for VIPs.
“Equally on its own, this measure would have rendered a successful breach futile since it takes an inordinate amount of time of super-computing power to decrypt the breached passwords,” the team said.
It also reported failure of observance of procedures on password and anti-virus management.
RSS
Comments
It seems no chairman/CEO etc.... seem to work with this minister. Its about time he resigns.
This is really and truly a PityFULL Nation, i`m sorry to say.... Because in this case, i think that FIRST OF ALL, and for Transparency`s sake. EVERY ONE should resign.. Board and ALL...
But.. ABOVE ALL, and for Political and Accountability`s sakes, Minister Austin Gatt should throw in his towel as well, and quit his job as a minister...
As, as the Opposition Leader Dr. Joseph Muscat said in parliament many a time, this case IS A VERY SERIOUS CASE OF ESPIONAGE, on the Maltese and Gozitans alike...
But alas.... This is a "..PAJJIJZ TAL- MICKEY MOUSE..", unfortunately governed by an ARROGANT, 20 year OLD government of `Tejatrini Galore`.....!!!
*****************************************************************************************************
Did he have to face the usual bunch of 'friends of friends' and untouchables that you cannot reprimand or correct, because they'll go running and report you to some Minister or MP?
Is MITTS really any different from other govt departments?