Cyber Incident Victim: Colombia Compra Eficiente

Date: May 2023

Location: Colombia

Summary

The Sistema Electrónico de Contratación Pública (SECOP) platform, administered by Colombia Compra Eficiente, was compromised in a cyberattack. The incident rendered the state's public procurement systems inoperable and under the control of the attackers. A criminal investigation into the breach was initiated by the Fiscalía. The agency stated that no data was compromised and that platform data remained secure throughout the incident.

Description

On or around May 1, 2023, the computer systems of Colombia Compra Eficiente, the agency responsible for administering the Sistema Electrónico para la Contratación Pública (SECOP II), were compromised by cyber attackers. The incident became publicly known on May 2, 2023, when reports confirmed the platform had been hacked. The attackers seized control of the public contracting platform, leaving the systems vulnerable and under their control. Internal sources from the contracting agency indicated that systems engineers were actively attempting to find a solution to the breach but had not succeeded at the time of the initial reporting.

Colombia Compra Eficiente serves as the National Agency for Public Procurement and is the central entity tasked with managing SECOP and other technological tools that provide transparent and real information about the contracting processes carried out by the Colombian state. The platform is fundamental to the operational transparency of government procurement, handling a vast amount of sensitive contractual and financial data. Following the discovery of the intrusion, the agency confirmed that an investigation had identified that the platform had been the victim of a cyber attack. In response to these findings, the agency convened a meeting with state security bodies to formally investigate the incident and determine the appropriate response measures.

Despite the severity of the attack and the loss of control over the platform, Colombia Compra Eficiente issued a statement assuring the public that the data housed within its platform had remained secure and was not compromised. This assertion indicated that, from the agency's perspective, the integrity and confidentiality of the actual data records were maintained even though the platform's operational control was temporarily seized by the threat actors. The broader implications of the attack were significant due to the critical role the platform plays in the national infrastructure. The Tablero de Contratación, or Contracting Dashboard, which provided detailed data on public procurement, had already been unavailable since the beginning of 2023, and this cyber attack further disrupted access to vital information.

The Fiscalía General de la Nación, Colombia's Attorney General's office, initiated an investigation into the facts surrounding the cyber attack. This involvement of a high-level law enforcement body underscores the serious nature of the incident and its potential impact on state security and public trust. The investment figures processed through this platform are substantial; according to data from late 2022, the state invested over 13 trillion pesos in the acquisition of more than 253,000 products through approximately 248,000 contracts. The disruption of a platform managing such significant financial transactions represents a major incident with considerable operational and financial repercussions for government entities and private suppliers alike.

The attack had immediate and tangible impacts on the flow of information essential for the functioning of the state. The correct operation of the digital platforms created and administered by Colombia Compra Eficiente is paramount for a wide range of stakeholders. Citizens, control bodies, providers, and state entities themselves all depend on the platform to receive accurate and timely information regarding public contracting processes. The incapacitation of SECOP II meant that the normal receipt of this critical information was interrupted, potentially delaying procurement processes, hindering transparency, and affecting the ability of oversight organizations to perform their duties. The incident highlighted the systemic reliance on this single point of failure for public procurement data and the vulnerabilities inherent within that model.

The response actions were focused on investigation and assessment. The primary response from Colombia Compra Eficiente was to engage its internal systems engineers to find a technical solution to regain control of the platform and to formally bring the matter to the attention of state security agencies for a comprehensive investigation. The public statement released by the agency served to acknowledge the incident while attempting to reassure stakeholders about the security of their data. The involvement of the Fiscalía added a criminal investigative dimension to the response, seeking to identify the perpetrators and the methods used in the attack. The duration of the platform's downtime and the specific technical measures taken to contain the breach and restore full functionality were not detailed in the immediate aftermath of the public disclosure. The event brought renewed attention to the platform's importance and its vulnerabilities. It also recalled discussions, ongoing since late 2022, about Colombia's search for a new SECOP platform, which indicate that concerns about the system's infrastructure and security posture predated this cyber attack.