Leeds City Council repelling 'constant' cyber attacks

Cyber attacks on Leeds City Council are repelled every day

That’s according to a senior officer at the authority, who said work was ongoing to ensure the council’s systems were safe from malicious and accidental security threats to its systems.

It follows a report into the council’s risk management which claimed a cyber attack was “probable” and, if successful, could bring some services to a “standstill”.

The officer told the authority’s scrutiny committee meeting: “This is a key risk and every day we are repelling attacks on the authority’s systems.

“We are ensuring that all our systems are up to date, so we can continue to receive government’s public network certificates.

“We are getting rid of a lot of systems that are outdated – we are systematically removing older systems.

“Another thing is ensuring that we continue to invest in our kit to make sure it is also up to date. Unfortunately, with security issues as they stand, keeping kit for a long time is not an option.”

He referred to the so-called “Wannacry” computer virus, which cost the NHS tens of millions of pounds when it infected computer systems in the Spring of 2018.

It added: “Both software and hardware work is going on. When the Wannacry incident happened, we weren’t affected because of the work that is going on.

“The numbers are quite remarkable when it comes to the number of attacks we repel.”

The council’s annual corporate risk report stated: “With councils making more services available digitally, staff and elected members conducting more work online and working in a more collaborative way with partner organisations – which requires the sharing of resident and business data – ensuring cyber security arrangements are fit for purpose is a key priority.

“The council’s digital infrastructure is under constant attack from accidental and malicious sources, from both inside and outside the boundary of our information technology (IT) network.

“These attacks attempt to disrupt the confidentiality, availability and integrity of our information and could also bring our systems and applications to a standstill. This could severely impact on the council’s ability to deliver its critical services.

“Failure to adequately protect council systems and data from a cyber-attack could ultimately cause death, harm or significant distress to individuals.”

A committee member added that, such is the tightness of security on council email accounts, that they are regularly having to delete emails from their constituents.

Coun Jim McKenna (Lab) said: “We very frequently get emails that [the system says are] ‘possibly malicious’, which I delete, but a lot of it seems to be bona fide things that I should be reading. I think this should be looked at.

“Could we be a bit more selective over what we are asked to delete?

“It looks awful when something is passed onto a councillor when they put in as much information for us as possible, and we just have to press delete on it.”

The authority’s deputy leader, Coun James Lewis (Lab), responded: “Some of the things that residents’ groups send us have the hallmarks of cyber attacks – documents with links in, a spreadsheet with a calculation in it and so on.

“To them it’s really helpful information they are giving us, but to the IT system it looks like a cyber attack. It’s about getting the balance right between deleting things that we need and reading what residents send us in good faith.”