Cumbria

Council hit by cyber attack reveals £2m cost

Sellafield Image copyright PA
Image caption Sellafield is in the Copeland Council area

A Cumbrian council has said it will "never know" whether it was the target of a cyber attack because it is host to the Sellafield nuclear waste plant.

Copeland Borough Council has revealed that an attack on its systems in August 2017 has cost it about £2m.

The hack locked staff out of a number of council services, including payroll, planning and environmental health.

The authority said it had brought in experts to better protect the authority from any future attack.

Copeland, Islington and Salisbury councils were all targeted in the Bank Holiday cyber attack, in which hackers demanded a bitcoin ransom to regain access to encrypted files. No sensitive data was taken.

Some processes were not restored until February this year.

Image copyright Google
Image caption The council said the attack could not have been prevented

Copeland's chief executive, Pat Graham, said: "We will never know if we were targeted because we host the largest nuclear site in Europe and are home to 80% of the UK's nuclear waste.

"But we are of the view that this was a sustained, resourced professional attack. This wasn't a spotty kid in a bedroom. It was an interstate attack."

She said the attack could not have been prevented because the virus used was so new at the time that it was not detected by antivirus software.

Council teams now use cloud storage for key documents.

The authority has also invested in more up-to-date IT equipment, introduced compulsory training and redesigned its internal networks to ensure they can be isolated in the event of a similar attack.

Ms Graham added: "There is no way we could have kept this attack out, but had we had great IT investment we probably would have recovered quicker."

In February a report by privacy group Big Brother Watch based on Freedom of Information requests found that 114 councils experienced at least one cyber attack between 2013 and 2017.

The group said it was "shocked" that staff often lacked cyber-training.

A Local Government Association spokesman said councils were working with the National Cyber Security Centre to ensure systems were as "robust and resilient as possible".

Police and the Information Commissioner's Office are investigating the attack.

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites