East Sussex County Council protecting itself against threat of cyber attacks

East Sussex County Council has been drilling what measures it could take in the event of a major cyber-security breach. 

Thursday, 23rd September 2021, 3:11 pm
Cyber attacks are made against businesses and organisations including public sector bodies

On Wednesday (September 22), the county council’s place scrutiny committee were briefed on what measures were being taken to prevent and mitigate a potential ransomware attack similar to the one which hit Redcar and Cleveland Council last year. 

That attack, which saw around 135,000 people left without online public services, cost Redcar and Cleveland somewhere in the region of £10.4m in lost income, productivity and work to recover and replace IT systems. 

During the meeting, information security manager Khy Perryman told the committee it was inevitable that such an attack would target East Sussex at some point, but that work was going ahead both to protect against it and set up plans to cope with the potential disruption.  

Mr Perryman said: “Ransomware is something you can definitely say is going to happen. You are going to be targeted. You may not be affected, but you will definitely be attacked and people will definitely try and steal your systems. 

“As part of that you have to accept that downtime [i.e. time when an IT system is out of action] is going to be inevitable. Even if East Sussex does everything perfectly right, one of our partners could do something wrong or Microsoft could be hit or lots of our other providers. 

“So one of things we are doing is working with departments and drilling with them what that is going to going to be like so that they can see what their systems are going to have to cope with and how they could cope with ‘what if your system was down for 24 hours, what if it was down for 72 hours, what if it was down for longer than that.’

“From that they can make the determination of what business resilience they need to be able to keep the system going if they didn’t have it in this event, that event or the other.” 

While Mr Perryman said such downtime would be inevitable at some point, he also detailed some of the systems the council has to protect against attackers getting through its cyber defences.

These include a number of technical tools, systems and hardware, which protect the council’s network from attacks. 

He also said the council, in line with national guidance, keeps copies of its data, including an offline backup. This would allow it to restore its systems in the event of a major breach. 

On top of this, the council shares intelligence with neighbouring local authorities such as Brighton and Hove City Council and national partners like the National Cyber Security Centre (NCSC).

The council is also training new cyber security staff in-house, due to a worldwide shortage of skilled staff in the field. This training is at the equivalent of a masters degree level, Mr Perryman said.

Even with these protections, Mr Perryman said the council had to constantly adapt its systems and protections as new technologies and protocols emerge.

He also stressed the importance of information security by anyone using their systems and highlighted the training available to staff and councillors