A Scottish local authority impacted by a cyberattack is turning to technology as it seeks to recover and rebuild from the incident.
Comhairle nan Eilean Siar was hit by a suspected ransomware attack in November – forcing systems offline and staff to find workaround solutions to keep services running.
But the council, which serves a population of just 26,640 people across the Western Isles, is migrating some systems to “cloud-based alternatives” as part of a digital response.
The attack caused “significant disruption” to the council – including to benefits payments and children and adult social care services.
The incident led to a multi-agency response, including the Scottish Government, Police Scotland and the National Cyber Security Centre.
A forensic investigation – which was aided by computer experts from Dell – revealed there was no evidence of data extraction. Systems remained impacted for many weeks, during which the council embarked on a programme of recovery.
Now, the council, whose headquarters is in Stornoway, Isle of Lewis, has commenced education and outreach work.
It is seeking to help people in the community understand the impact of cybersecurity and to bolster online resilience.
Working alongside Cyber and Fraud Centre – Scotland, it will host a cybersecurity information session for local organisations on 30 April at the Caladh Inn in Stornoway.
The event is designed to provide information on key cybersecurity topics to private sector, third sector and public sector organisations.
Malcolm Burr, chief executive of Comhairle nan Eilean Siar, pictured below, said: “Following the cyberattack on 7 November, I commented that all organisations were vulnerable to attacks of the nature that the Comhairle experienced.
“That statement has sadly been proved right by the experience of organisations across Scotland and the UK. To prepare for, prevent and mitigate the impact of such attacks it is crucial that we all take every opportunity to learn more about the ever-changing cybersecurity landscape. I would encourage all private, public and third sector organisations to attend this event.”
In a statement, the council added: “Since the cyberattack, the Comhairle has taken steps to improve the security of systems and safeguard data.
“Alongside improved security measures the Comhairle views cybersecurity education as a key step that any organisation can take to improve cyber resilience.
“To support this the Comhairle is hosting training for our internal management team and is encouraging local organisations to attend the Stornoway-based cyber roadshow sessions.”
The council stressed that its response to the cyberattack is ongoing and continues to be led by its incident management team (IMT).
The team includes key representatives from within the organisation who meet weekly to prioritise system rebuilds and advise the corporate management team.
Since the attack the IMT has also taken expert advice from external organisations and the council’s own IT team.
In a report to Comhairle nan Eilean Siar’s Policy and Resources Committee on 24 April, Burr noted: “The incident management team continues to work closely with services to identify areas where support is required and to explore opportunities to improve and future-proof service delivery.
“The IMT is also exploring potential digital efficiencies where services can gain additional benefits from the rebuilding process.
“It is inevitable that there will be additional costs resulting from the cyberattack and further information will be provided to the Comhairle as these costs become available. The Comhairle will seek financial support on the costs associated with the rebuild.”
Those costs, which have yet to be specified, will be sought from the relevant central government bodies, a council spokesperson added.
The council has been praised, however, for the way it has worked with authorities in the aftermath of the attack, which is yet to be attributed to a specific hacking gang.
Alex Dowall, a former Police Scotland detective superintendent, overseeing cybercrime, has recently taken up the role of head of fraud and cyber at the Cyber and Fraud Centre – Scotland.
Dowall, pictured beneath, said that the centre had been involved with the council from the outset following a call to its incident response hotline service.
“Since then, we’ve just continued to remain in contact with them, providing support and reassurance and to direct them into any suitable partner that may be of additional benefit,” said Dowall.
Dowall, who had a 30-year policing career, said that the centre had supported the council to understand what had happened to them, before they started to get basic services up and running again.
And he praised the council for seeing the attack as an opportunity to upgrade its IT infrastructure. “We see across a number of victims of cyberattacks, [that] they think that the infrastructure they have in place is sufficient and secure, and it really is a case of if it looks like it’s not broken, don’t fix it,” Dowall said.
“But we know that modern technology provides more security, because of the modern features that most of them have built into them.
“So, you can see why Western Isles Council would be looking to use more technology, and modern technology, whilst they’re looking to take those very first steps in rebuilding their infrastructure and services for the communities.”
Dowall said the information session in Stornoway was an opportunity to engage with business owners and charities to reinforce the message of online resilience, with practical tips and guidance to help them.
He also commended the council’s leaders for their “positive” reaction to the cyberattack, especially during a time of constrained budgets and finances for local authorities.
He added: “Whilst cybersecurity can be a very expensive side of any organisation, good cyber habits and a good cyber culture don’t really cost anything.”