COPELAND council is still counting the cost of a cyber attack that brought the authority to its knees more than a year ago. The bill from the terrorist attack on Britain’s nuclear heartland is set to run up to an estimated £2 million, with the council not expected to fully recover before March next year.
The council was crippled by the attack launched before the August bank holiday of 2017 in which hackers demand a bitcoin ransom from Copeland to get access to encrypted files.
But Pat Graham, chief executive of the council, has only now revealed the full depth of the crisis as the authority comes into the home straight of its marathon recovery effort. She also revealed that the council is the subject of a special case study designed to help authorities across the UK prepare for similar cyber attacks.
Ms Graham said that while the attack could not have been prevented, valuable lessons have been learned from what happened. She also took the opportunity to thank staff for the way they had handled the crisis, praising their hard work during the painful months that followed.
The attack came on top of the council’s financial woes including the discovery of a £13 million black hole left by the former Labour leadership and more than a decade of central Government cuts.
Ms Graham said: “We are of the view that this was a sustained resourced professional attack. This wasn’t a spotty kid in a bedroom. It was an interstate attack. “We will never know if we were targeted because we host the largest nuclear site in Europe and are home to 80 per cent of the UK’s nuclear waste.
“This is a council that has seen its budget cut by 40 per cent and has lost a third of its staff but this has been by far the biggest leadership challenge. It’s been over a year and we are still living with it. “We have talked to other councils and they have listened to us but they are still unprepared for this.
“If you think of your worst nightmare and multiply it by three you start to get a picture of where we were. As a result of the attack, council teams will now keep key documents on “the cloud”, a type of internet storage. The authority has also taken steps to beef up its cyber resilience including compulsory training for staff; re-designing networks to help isolate future attacks; and making sure knowledge gleaned from what happened is passed on to the next generation of council workers. Copeland has also re-drafted its online strategy as well as employing a crack squad of specialists who worked for three days to see if they could find a chink in the council’s cyber armour. The council lost access to important information associated with planning, environmental health and food safety, which had a huge knock-on effect on staff. The authority had no financial systems including payroll, and fuel for the council’s fleet could not be paid. Staff were only able to receive a basic payroll with no overtime or expenses. Restricted access to land charges held up house sales and a backlog of more than 8,000 council tax and business rates bills could not be issued until February the following year. The attack also increased staff workloads and hit morale, with some members of the devastated workforce losing up to a decade’s worth of work. Fortunately, the revenue and benefits system which helps some of Copeland’s most vulnerable people was based in Carlisle and was unscathed in the attack while the authority’s crematorium booking system was unaffected. Copeland was one of three councils hit by the cyber attack including Islington and Salisbury invited to share their experience at a Local Government Association conference. “If it was a competition, in terms of severity we won. The LGA was rocked by what we told them. “There is no way we could have kept this attack out but had we had great IT investment we probably would have recovered quicker. But the fact that our services were maintained throughout it is a credit to our workforce – and I’m very proud of them.” Timeline August 2017 in the week before the bank holiday weekend the council reported a couple of IT problems and started to run its anti-virus software. Bank holiday weekend – the virus started to infiltrate council computers and started encrypting data. The virus was so sophisticated that it if it encountered a file that was “too big” it would leapfrogging over it to do as much damage as possible as quickly as possible before returning later to encrypt the larger documents. Tuesday after the bank holiday – staff return to work to discover that the council had been hit by the cyber attack. The council spends fives week without basic computer functions. Mid week. The council begin to appreciate the scale of the crisis. The council swiftly sets up a command structure to tackle the crisis. Three days after the attack – most of Copeland’s filed have been encrypted. No one in Copeland has access to any files or systems saved or shared on personal drives. The only accessible files were those stored on individual devices or on Microsoft OneDrive. The virus was so new at the time that it was not recognised by antivirus software. The council ran more than 60 anti-virus software programmes in the aftermath of the attack but only two of these picked up that anything was amiss. McAfee anti-virus software which is often used by councils nationwide did not detect the virus. The senior management team briefed staff and told stakeholders they would not only experience disruption to normal council services but might also be put at risk from the attack. The council informed the Police cyber-crime unit and the Information Commissioner’s Office (ICO).
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here