World Bank Shuffles Staff to Address Cyber-Breaches

World Bank Shuffles Staff to Address Cyber-Breaches

Duties Stripped from Chief Information Officer;

Sources Say Management ‘Looking for Fall Guy’

(Washington, D.C) – In the wake of recent news reports showing serious breaches of the World Bank’s information security system, the Government Accountability Project (GAP) has learned from sources inside the bank, as well as from an internal Bank announcement, that duties have been stripped from the institution’s Chief Information Officer.

According to previous media reports and internal sources, the Bank’s records, which contain sensitive financial information from borrowing and donor countries, were repeatedly and illicitly accessed over the last year. At the same time, the Bank is trying to downplay the attacks, as it positions itself to assume a prominent role in addressing the global financial crisis. This cyber-breach situation raises troubling questions about its future effectiveness in dealing with the crisis.

“Our sources inside the Bank have said management has been looking for someone to take the fall for these breaches,” said GAP International Program Director Bea Edwards. “The World Bank must ensure that its member countries’ financial records are secure. If the Bank can’t safeguard sensitive information, it can’t be trusted to help with the global financial crisis.”

Last night, Bank Manager Juan Jose Daboub sent out an announcement to bank staffers regarding new personnel addressing the security issues. Part of the message was:

At the request of President Zoellick, Van Pulley will take over responsibility for WBG information security effective immediately and until more permanent arrangements are in place. [emphasis added]

The full announcement can be read on GAP’s Web site here: http://www.whistleblower.org/doc/2008/Kiosk.pdf

It is unknown at this time whether current Bank Information Officer Guy de Poerck has been simply stripped of his security responsibilities, shifted to another position, or fired outright.

“This is like locking the barn door after the horse – and the key – have been stolen,” stated Edwards. “It’s is a cosmetic fix. The Bank’s information system has been breached repeatedly for months, and may need a massive overhaul.”

World Bank spokespeople have been denying for months the seriousness of the cyber-incursions. Apparently, sanctions regarding security issues were only applied belatedly to an India-based company stemming from incidents that occurred as long ago as April. At the same time, the Bank has delayed sanctioning five state-owned Chinese companies implicated in wrongdoing. In that case, the World Bank reportedly offered a deal to a reporter if he would delay publication of his story about the sanctions until after the G-20 Summit in Washington two weekends ago.

Daboub, who notified Bank staffers last night about the immediate steps to re-secure the Bank’s information systems, is no stranger to controversy. Last year, during the Paul Wolfowitz scandal, GAP released information showing that Daboub instructed a team of Bank specialists to delete all references to family planning services from a proposed assistance strategy for Madagascar, and later from the Bank’s overall Health and Nutrition Strategy. 

The views expressed in this article are the sole responsibility of the author
and do not necessarily reflect those of this website or its editors.

Contact Editor