SEPA cyber attack recovery could take ‘two years’, says organisation’s boss
The recovery of IT systems for Scotland’s environment watchdog could take ‘two years’, according to the organisation’s chief executive.
Terry A’Hearn, who runs the Scottish Environment Protection Agency (SEPA), has told BBC news that it may be another 24 months before the full restoration of the agency’s computer systems.
Sepa was locked out of its network on Christmas Even after falling victim to ransomware gang Conti, and has been in recovery mode ever since.
Mr A’Hearn, who chaired emergency meetings in the aftermath of the cyber attack, and was supported by police and cyber agencies, has spoken publicly several times about the incident.
In his latest interview he told the BBC: “I think this a process that will take a year or two.
“We had reform aims anyway, we were going to build a new IT system progressively over five or six years.
“This is an opportunity we didn’t want provided by criminals, but we’ve decided to fast-track that and will build that in one or two years.”
Sepa refused to cooperate with the hackers – who are thought to be Russia-based and have a string of other victims including Aspire, a homeless and housing support agency in Glasgow. The health service in Ireland also recently fell prey to the gang. As a ‘punishment’, the gang dumped a cache of Sepa’s commercial data on its dark web blog, which included private conversations between senior management and some staff grievances.
Mr A’Hearn added: “If we had paid then we would have increased the risk for everyone else.”
The public body’s core services – including flood forecasting and protection – have been reinstated and a Microsoft 365-based system has been implemented.
However the organisation also spent £800,000 on trying to recover data from the cyber incident, but Mr A’Hearn has acknowledged that although the vast majority of it will be recoverable some of it will not be. He questioned whether some of the data was actually that essential to the work the agency has done in the past; Sepa has also relied on external help from trade associations that collected their data as part of their work.
Police Scotland is still investigating the incident but the time lag between identifying the ransomware gang and issuing criminal proceedings suggests there may be significant challenges in bringing anyone to justice.