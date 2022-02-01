Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Folder An icon of a paper folder. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. Linked In An icon of the Linked In logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo.
Sepa continues to count cost of 2020 cyberattack, report says

By Press Association
February 1 2022, 11.08am Updated: February 1 2022, 11.42am
The Scottish Environment Protection Agency suffered a sophisticated ransomware attack in December 2020 (Brian Lawless/PA)
A key environmental body is still working to rebuild its computer systems more than 12 months on from a cyberattack which crippled its network, with the full financial impact of the incident still unknown, a report has said.

The Scottish Environment Protection Agency (Sepa) fell victim to a sophisticated ransomware attack on Christmas Eve 2020, with criminals demanding payment and the majority of the organisation’s data encrypted, stolen or deleted overnight.

The Auditor General for Scotland said in a report into the attack on Tuesday that Sepa bosses are still trying to calculate the cost of the cyberattack and accounting records have had to be recreated from bank statements, leaving auditors unable to fully examine its finances, including £42 million of contract income.

Auditor General Stephen Boyle said the incident “highlights how no organisation can fully defend itself against the threat of today’s sophisticated cyber-attacks” and it is “crucial that organisations are as well-prepared as possible”.

“Sepa was in a solid starting position but it will continue to feel the consequences of this attack for a while to come,” said Mr Boyle. “Everyone in the public sector can, and should, learn from their experience.”

Reviews into Sepa’s cybersecurity have found its defences were good but there are indications the ransomware software, which demands payment in a cryptocurrency like BitCoin in exchange for the password to retrieve the data, found its way into the network through a phishing email.

Investigators think Sepa’s systems were infiltrated before the December 24 attack, which allowed hackers to spread the malicious software, but the original source of the attack is still yet to be determined.

When the attack was launched staff were alerted and they began to isolate parts of the network, but because it happened out of hours further escalation was not completed until early on Christmas Eve morning.

The report found that despite Sepa following best practice for backing up its data, the “sophisticated nature of the attack meant that online back-ups were targeted and corrupted at an early stage, meaning there was no way of accessing historical records quickly”.

The report said Sepa was able to continue delivering its key services, like flood warnings, within 24 hours of the attack but, more than 12 months on, it is still rebuilding its digital infrastructure.

In the report’s conclusions, it said the organisation had “a number of areas of good practice” which included “Sepa’s quick response and business continuity arrangements that enabled it to continue delivering critical services, and its open and transparent communication with staff and wider public”.

The report said Sepa “recognises that the cyber-attack has increased the medium to longer term financial pressures on the organisation” and that “key systems have been rebuilt, such as Sepa’s financial accounting system, with others being built from new and data recovered or recreated securely, and this will take time”.

Terry A’Hearn, Sepa’s chief executive, quit his job late last month after the organisation said there were “conduct allegations” made against him.

Jo Green, its chief officer, has become the acting chief executive and is being supported by the agency’s management team.

Net Zero Secretary Michael Matheson was asked about the cyber attack when he spoke to a Holyrood committee on Tuesday.

He said: “Sepa continue to make good progress in recovering from the cyber attack.

“There’s been a range of assessments carried out on the impact it had on their operations and their recovery.”

Other public sector bodies were learning the lessons from the “serious and sustained” attack, he said.

