People in Fife are still counting the cost of a cyberattack on environment body SEPA more than six months after criminals struck.
Scotland’s Environmental Protection Agency (SEPA) lost access to much of its computer and contact network after refusing to pay a ransom demand after a cyberattack on Christmas Eve last year.
Councillor Jonny Tepp, Liberal Democrats, has highlighted the ongoing effect of the cyberattack on SEPA services in Fife.
He said: “Given the extraordinary flooding that Fife has suffered in recent years it seems that the attack could not have come at a worse time.”
Mr Tepp remains unimpressed after receiving a briefing on any continuing effects for people living in the Kingdom.
“I was concerned Fife Council doesn’t seem to know very much about the impact of this. Which was why I asked for a briefing. That only confirmed that we don’t know very much.
“There may be real risks to the environment as a result of this attack.
“I am surprised that such an organisation that is mission critical for our environment was unable to safeguard itself against this attack.”
How is the cyberattack still affecting SEPA’s work in Fife?
Mr Tepp said the briefing confirmed ongoing effects on much of the agencies work in Kingdom.
It follows reports of it disrupting the angling industry in Perthshire.
The strike has affected SEPA’s role in a number of ways.
These include issuing licences. It also includes planning applications and related flood risk assessments plus enforcement activity in relation to contamination.
Mr Tepp added: “It also worries me that human error is still a weak spot in our security systems.
“Give human fallibility it seems inevitable that more and worse breaches will happen. It seems like there should be a smarter system out there.
“None of this should downplay the sheer evil-ness of the perpetrators.
“But it does leave us with major questions of competence at our key Government environmental agency.”
What is a ransomware attack and how does it happen?
Cyber criminals often trick their way into a target’s computer system before stealing and locking files. They demand a “ransom” sum to release the documents.
Several local organisations have fallen victim to the crime in recent years, including Dundee and Angus College.
The SEPA attack affected its contact centre, internal systems, processes and communications.
The attack is still subject to a live criminal investigation.
The perpetrators later published some of the stolen documents on the dark web.
The agency has already lost £2.5 million income from industry permits and inspections, according to ministerial briefings released under Freedom of Information legislation to investigative journalism website The Ferret.
How are SEPA responding more than six months on?
Terry A’Hearn, chief executive of the Scottish Environment Protection Agency (SEPA), said his organisation is still recovering after the “complex and sophisticated cyber-attack.”
He said: “We were clear that we would not use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds.
“Police Scotland has been clear that SEPA was not and is not a poorly protected organisation.”
It’s been six months since the Christmas Eve #CyberAttack on us. Each week, the availability of our @ScottishEPA. Thanks to all our staff for their hard work and creativity over this period. #OnePlanetProsperity @cosla @ScotchWhiskySWA @NFUStweets @envlink @IoD_Scotland @CIWM https://t.co/Sek41oyTCE
— Terry A'Hearn 🏴🌏🇦🇺 (@TerryAHearn) June 26, 2021
“Whilst within the confines of a live criminal investigation, we’ve been vocal and transparent on the criminal attack, the theft and illegal publication of data, the impact on our services and progress towards our recovery.
“Six months on, many services are back and running and officers have deployed around 850 times.
“SEPA has issued 91 Flood Alerts, 192 Flood Warnings, issued almost 2,500 authorisations and completed or are progressing around 400 planning cases to support Scotland’s recovery.”