Council to spend £1m to enhance cyber security against threats from Russia

Essex County Council is to spend £1m to enhance cyber security due to possible threats from Russia.

Technology Services are seeking approval to draw down £1m of funding from the Technology Solutions Reserve to enhance Essex County Council’s cyber security footing to address the global threat of cyber-attacks over the next year.

It comes after the National Cyber Security Centre (NCSC) advised of a “recent and increased threat level stemming primarily from Russia, resulting from the ongoing unprovoked, pre-meditated attack on Ukraine”.

There is also a heightened risk of ‘copycat’ attacks as a second wave as global IT systems are exposed to new forms of cyber malware.

As a result, the NCSC has written to Essex County Council and other organisations with specific advice to bolster their online defences.

A statement as part of a decision notice with Councillor Christopher Whitbread, cabinet member for finance, resources and corporate affairs said: “A successful attack would result in significant damage, disruption and cost to Essex County Council and the residents of Essex.

“Whilst there are security measures currently in place, this proposal will add significant layers of resiliency to bolster technology services’ cyber security, operational monitoring, and our ability to respond effectively to any attack.

“This investment will provide security and assurance to Essex County Council’s full range of operational services, change initiatives, and therefore underpins all strategic objectives in Everyone’s Essex.

“The investment will enable Essex County Council to continue to support broad service excellence by ensuring greater resilience and service availability for the citizens of Essex.”

The new threat level centres around state-sponsored hackers who are actively deploying ‘zero day’ attacks, the council has said.

These are especially dangerous as by definition they are new and unseen so there is often minimal protection against them.

The intent can include taking over entire networks or computer systems, often requesting significant payment demands to reverse the damage caused.

Cyber-attack objectives may also include but are not limited to data theft and disruption, and there is a heightened risk from a second wave of attacks from ‘copycat’ actors utilising and repurposing the same new techniques.

Such attacks could be motivated by intent to cause disruption, organised criminal activity or as an indiscriminate or automated action, the council adds.

To illustrate the potential impact, Essex County Council points to an incident in October 2020 when the London Borough of Hackney suffered a cyber-attack by suspected organised criminals.

This affected multiple services and resulted in loss of key data and posting personal data to the dark web.

The direct cost of remedial work was reported at £10m and resulted in significant and extended disruption to employees and residents.

A letter sent to councils across the county from Lord Greenhalgh Minister of State for Building Safety and Fire warned about the current threat to local authorities from cyber-attacks on February 17 – a week before the invasion of Ukraine began.

He said: “In light of the current tensions in Ukraine, and recent malicious cyber incidents, I am writing to you about the current threat to local authorities from cyber-attacks. The National Cyber Security Centre (NCSC) recently updated guidance on the increased threat which you may find particularly helpful.

“The NCSC are currently investigating reports of malicious cyber incidents in Ukraine, and these attacks serve as a reminder of how serious this threat can be. Whilst we are not aware of any current specific threats to UK organisations, you will be aware of some recent high-profile cyber incidents in local authorities – they are disruptive for residents and councils, and they can be expensive to fix.

“I encourage all councils to follow some basic steps to reduce the risk of falling victim to an attack, and to help recover more quickly if one does succeed.”

He has asked councils have taken all reasonable steps to reduce the risks, such as checking that backups and restore mechanisms are working, installing all current security patches, ensure that online defences are working as they should, keeping up to date with the latest threat information from NCSC, improving access controls and making sure that councils have effective and up to date incident response plans.

“Obviously, it is much easier to do this now, rather than during a live attack,” he said.

“I am asking you to act now to reduce risks to your residents, your services, and your staff, so that you are prepared for any incident, and can keep services running. We will continue working with the NCSC to closely monitor the situation to help organisations to stay ahead of the threat, and I look forward to continuing working with you to support the vital work that local authorities do.”

Advertisement

Piers Meyler

Local Democracy Reporter