The Scottish Environment Protection Agency was hit

by a devastating cyber-attack on Christmas Eve

“We pretty quickly got a handle that it was big. We’d been locked out”

Terry A’Hearn, chief executive of Sepa

“really pulled together”, A’Hearn added, and he speaks in glow- ing terms for the professionalism of teams who figured out how to carry on vital work like flood monitoring. “We’re pretty practised at

saying, ‘Right what’s going on? What do we need to do?’ Getting our flood alerts and warnings is the most critical and immediate thing we do, as in the worst-case scenario that is life and death. We were able to do that in the first couple of days and it was great. Te flooding guys said the weather forecasts are that it’s going to be dry for the next week; that gave us the week to prioritise underpinning the system, we were able to do the same thing in a week’s time.” In successive days, the agency

worked on recovering core services

which range from issuing licences for septic tanks, to dealing with hazardous waste. Sepa has literally thousands of customers on its database, spanning 34 sectors of the economy. Much of the work has been done via third parties, such as industry trade associations, which have helped Sepa issue information to stakeholders. Whilst the situation is recover-

able in those instances, there is a lot of data Sepa is resigned to losing. But A’Hearn is sanguine. “We may have lost a lot of water quality monitoring data, but when we rock up to a river or a loch – when we get back out in the field – will the river or the loch notice that we don’t have its historical data?,” he says. “To do what we need to do next, how much do we need that historical data? In some cases it will be ab-

solutely fundamental but in some cases won’t matter as much.” Sepa has started to rebuild

functionality, too, with Scottish Government laptops and tempo- rary email addresses due to move back within Sepa’s own archi- tecture – under a new Microsoft licence – soon. But the road is long, and “building back better” is going to take time, and a new security approach. On that front, Police Scotland

has told Sepa that it was actually “well protected”, according to A’Hearn, which is perhaps a salu- tary warning to other organisa- tions who will be feeling the need to increase their own vigilance in the wake of Sepa’s experience. For A’Hearn, he is clear that he

wants a leaner, more cohesive ap- proach to IT. For an organisation such as Sepa, which is 25 years

old in April, it has inevitably been built on a patchwork of systems developed sometimes incongru- ously over the years. “What I want as we redevelop our systems is that we have this overwhelm- ing, powerful focus on what is the business need we’re trying to address. And then we build the simplest and smallest number of IT systems to support our busi- ness needs,” says A’Hearn. He adds: “What we have done

in the first two months has been essential, although we’ve only done a small proportion of what we need to do to recover. But I think we’ve done well enough, with lots of support from others, to put us in a position where it’s in our own hands now. We’ve got a very long road ahead of us, but I think we’re in a position where we can make a success of it.” l


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44