The repercussions of a criminal cyber-attack on Comhairle nan Eilean Siar will be lengthy, expensive and wide-ranging, according to a report from chief executive Malcolm Burr to councillors on Wednesday (29 November).
And while teams and supporting agencies are working ‘at pace’ on ways to recover services, the process is likely to continue for months, with some areas of work delayed or postponed.
But there is no truth to media reports that any information has been published or misused, or that the council is short of money as a result of the incident, and it’s too soon to say how long it will be before the full impact is known.
A Comhairle spokesperson told welovestornoway.com today (Friday): “This is an ongoing investigation into a criminal act. There is currently no indication that any data has been extracted from the server or published.
“The Comhairle's priority is the continued delivery of services. For service delivery to continue, the Comhairle will require additional resources that will incur a financial cost.
“It is too early to estimate what this cost will be, assessments into this are ongoing. Once more is known these costs will be budgeted for and, if required, the Comhairle will pursue financial support from relevant authorities.”
Nevertheless, it has become obvious over recent days that the population of the islands will feel the impact of the attack in numerous ways.
Yesterday (Thursday) islanders were asked to use email to contact council departments, because the temporary telephone system is not designed to handle a large number of calls.
Some council phone numbers are unavailable and recorded messages are issuing non-functioning numbers, users have reported.
Meanwhile on Wednesday trading standards officers said that scams were on the increase which, while not directly connected to the cyber-attack, could mean that ‘opportunistic scammers may have seen reports of the attack and subsequently targeted individuals in the Western Isles.’
And at last week’s series of meetings, Councillor Frances Murray raised the issue of heritage data security, suggesting that 30 years of archive material could have been lost due to the attack.
A spokesperson for CnES responded to that point by saying: “Our archives, like all Comhairle services have been impacted by the inaccessibility of information following the cyber-attack. It is not possible to make assessments on how long-term this impact will be.”
At Wednesday’s meeting chief executive Mr Burr told councillors he has been delegated authority to establish a temporary recovery and service delivery structure over a period of one year, with last week’s human resources sub-committee approving this course of action.
He said that forensic investigators had found that data on the Comhairle’s operational and backup servers is encrypted and currently unavailable.
And, he said: “The Comhairle is likely to incur significant additional costs associated with the recovery phase of this incident and will seek financial assistance and continued expert help, especially as further details of the recovery operation become clear.”
Mr Burr has made contact with the Scottish Government’s minister for local government Joe FitzPatrick and has also received a number of offers of assistance from across the Local Government sector and beyond.
He told STV News after the meeting that Mr FitzPatrick was prepared to work with the Comhairle once the scale of their task had become clearer.
And he also told reporters: "We will seek support from partners such as the Scottish Government with this because this is, after all, an emergency event, a resilience event.”
The cyber-attack itself is still under investigation with the help of Police Scotland, Scottish Government and the National Cyber Security Centre.
Every council team is working to identify the implications of the incident for their own department but, said Mr Burr, the IT Team is under particular pressure, with recovery or rebuilding of critical systems and infrastructure.
He said: “It is important that the IT team is supported …. this situation requires a revised approach that enables resources to be deployed to the recovery process as well as maintaining a front-line business support service.”
The nature of the attack means CnES are unable to gain access to data, but cybersecurity experts are staying alert for possible incidents of compromise which might show breaches of personal data security.
On all these topics, Mr Burr said communication with the public would continue to be through press releases, adding: “The provision of clear and focused communications has been and remains a priority for the Comhairle during this time.”
The temporary CnES website remains available at cne-siar.gov.uk, where they say: “The current priority is to restore and secure data and ensure the continued delivery of services to those in our communities who need them most.”
Pictures: Frontline services such as care and waste collection are being prioritised (CnES).