Analyzing the Concerns Surrounding the Construction of a Tier 3 Data Centre Amidst Government IT Infrastructure Challenges
November 19, 2024
The article discusses a recent government email system outage, highlighting trust breaches and operational challenges. It questions the support for constructing a Tier 3 data center due to reliability issues and financial sustainability concerns.
While it is widely understood that not all cybersecurity system disruptions stem from a security breach “hack”, this week’s latest service interruption highlights a breach of trust and widespread frustration. The outage of the government’s main email communications system last week, hosted under the barbados.gov.bb domain, left numerous individuals unable to receive their weekly payments, leading some to walk off the job in protest.
This incident puts the resilience of the government’s IT infrastructure back into the spotlight in an unflattering way and underscores the focus of this article: why I do not support the construction of a Tier 3 data centre at this time. Achieving the cooling and redundancy configurations required for a Tier 3 data centre is not merely a technical challenge; it sets a demanding standard, with 99.982 per cent uptime translating to no more than 1.6 hours of unplanned downtime per year. These configurations enable concurrent maintenance, allowing critical components such as generators and cooling units to be serviced without disrupting operations. However, achieving and sustaining this standard demands operational discipline and reliability – qualities that appear lacking.
The frequency of outages and the likelihood of unpublicised incidents have elevated each failure from an embarrassing inconvenience to a crisis of public trust. These recurring issues undermine the rationale for such a significant and costly investment. For the data centre to be financially sustainable, it would need strong private sector support and robust international partnerships. Yet, persistent reliability issues erode stakeholder confidence, making the initiative seem misaligned with public interest and economic prudence.
My concern lies not only in the challenge of achieving the Tier 3 standard but also in the feasibility of sustaining it under current conditions. Reviewing this year’s government incident reports, it is evident that maintaining the required uptime is a Herculean task. Beyond technical challenges, the inefficiency of government bureaucracy is a greater obstacle. Tier 3 standards demand constant upkeep, rapid resource allocation, and decisive action in the face of potential failures — qualities fundamentally at odds with current government processes. Without significant reform, even the most advanced technical infrastructure risks collapse under bureaucratic inefficiencies.
Compounding these concerns are recurring security breaches, which cast doubt on the government’s ability to secure and maintain its existing infrastructure, let alone manage a new data centre. If the government struggles with its current systems, how will it ensure ongoing compliance with Tier 3 requirements? Adding this to an already overstretched infrastructure risks creating a larger problem for both the government and potential patrons.
Businesses relying on the data centre for security and uptime may face dire consequences if compliance is achieved initially but later compromised due to budget cuts, shifting priorities, or inadequate resources. Such instability would erode trust and undermine the purpose of the investment.
Additionally, data centres are inherently fragile operations where even minor oversights — such as outdated monitoring software — can lead to catastrophic downtime. The government’s track record in IT management raises red flags. For example, the Barbados Immigration Department’s online appointment system, accessible at https://immigration.gov.bb/pages/appointmentDetails.aspx, fails to function properly on Google Chrome, the most widely used browser, requiring users to switch to Microsoft Edge. This simple oversight highlights a lack of attention to detail and proactive maintenance in government IT services. If such basic functionality is overlooked, how can the government be trusted to sustain the complex systems required for a Tier 3 data centre?
At the time of this article’s publication, the Barbados government has no official Cybersecurity Czar, while the Guyanese government has had one for years. Ironically, Guyana, with less ICT infrastructure and arguably less to lose digitally, has taken a more proactive stance on cybersecurity. This contrast raises the question: is such an investment feasible for Barbados? The answer is yes, but success depends on proper timing and priorities.
The first priority should be appointing a cybersecurity czar, positioned within the Ministry of the Civil Service rather than the Ministry of Industry, Innovation, Science, and Technology. This ensures the czar has a cross-departmental mandate. Secondly, risk officers should be appointed in every ministry to monitor threats and report to both the czar and respective permanent secretaries. Lastly, if the government is committed to bringing the data centre online, its operations should be outsourced to a private contractor reporting directly to Cabinet, ensuring clear accountability and mitigating bureaucratic inefficiencies.
The government’s ambitions for a Tier 3 data centre, while technically feasible, appear premature. A phased approach, starting with strengthening current infrastructure and addressing operational inefficiencies, would better align with the country’s needs and capabilities. This strategy coupled with robust governance reforms can pave the way for a more sustainable and impactful investment in critical IT infrastructure.
By prioritising operational readiness and building trust, Barbados can avoid overextending itself and ensure that when the time comes, the Tier 3 data centre delivers on its promise without becoming a liability.
steven@dataprivacy.bb