AutoExpreso system had safeguards/backups, official says
By John McPhaul
jpmcphaul@gmail.com
Highways and Transportation Authority (ACT by its Spanish acronym) Edwin González Montalvo said Thursday that the AutoExpreso system had its respective safeguards and/or “backups” in place safeguarding the entire system and its data when it was hacked last month.
“Yesterday [Wednesday], the PAM company began a series of system integrity tests, connections and data validation of the AutoExpreso System, with the purpose of beginning the steps to return the system to normal,” the official said in a written statement.
He said the technological infrastructure of AutoExpreso is made up of hundreds of computers and servers that have required validation and restoration one by one in parallel with the main servers of the purchase and recharge system, as well as the fines system.
“As of today, it has been possible to restore the system based on the backup files that existed and in the next 48 hours it will begin to process transactions in order to carry out the necessary validations to continue with the integrity tests and ratification of pending data” the ACT chief asserted.
Meanwhile, Rep. Orlando Aponte Rosario, chairman of the House Legal Committee, asked Department of Transportation and Public Works officials on Thursday if the AutoExpreso system is protected at the insurance level against cyber attacks such as the one that is being experienced now.
“We are going on three weeks with the uncertainty of knowing what is happening in this case,” the lawmaker said in a written statement. “It is alleged by the Governor [Pedro Pierluisi Urrutia] that he will not allow negotiations with the cybernetic hackers who took control of the system. The executive director of the Highway and Transportation Authority, Edwin González, confirmed on Tuesday that the pirates had demanded money to release the data obtained, but he did not want to … hinder the investigation that is being carried out. The question is: had they bought insurance for these purposes and to protect the information of the users?”
“Puerto Rico’s tolls are managed by a private company, which is certainly responsible for having a prone or weak system for this type of attack,” Aponte Rosario added. “In the analysis of the situation something very important emerges: losses that the government has had, are they going to be assumed by the company that manages the tolls?”