Guernsey Press

States is hit again by malicious cyber-attack

THE STATES has again been the target of a cyber-attack.

Published
Last updated
The States has again been hit by a cyber-attack but resolved the issue in less than 48 hours. (28953127)

Described as a ‘sophisticated and potentially serious attack’, it took under 48 hours to resolve.

The last time the States was hit by a malicious attack some operational issues emerged in Health & Social Care whereby staff could not access Covid test data to text or call results to those who had been tested, as part of HSC’s IT system had been taken offline.

That happened on 12 October.

This time, a ‘phishing’ attack sought to overwhelm government email systems and prevent the States from being able to use email.

It temporarily blocked emails from gov.gg accounts to Microsoft and Yahoo email accounts, but these blocks have now been removed.

The attack was an attempt at ‘denial of service’ rather than to steal data and there is no evidence that any personal data has been lost.

States security officers worked alongside its strategic partner Agilisys, specialist security teams in Microsoft and the National Cyber Security Centre, through the night to resolve the incident.

Another previous incident in 2018 significantly impacted the organisation for several weeks, and smaller impacts continued for months.

A spokesperson said the States has learnt the lessons of these previous attacks, built relationships with the new National Cyber Security Centre and invested, as part of the contract with Agilisys, in new systems; further enhancements are due to be deployed in 2021 as part of the IT Transformation programme.

Chief information officer for the States Colin Vaudin said cyber-attacks were, regrettably, now part of the day-to-day security considerations for any organisation.

‘This attack was sophisticated and could have had significant operational impact and caused disruption to the ability of the States to communicate with islanders, businesses and other bodies.

‘While I will not comment on the details of the technical measures we have in place and how we reacted to counter this specific attack I would like to reassure the public that we have been constantly improving our cybersecurity measures meaning we’ve been able to quickly tackle what could have been a very serious attack.’

Policy & Resources vice-president Deputy Heidi Soulsby said: ‘Clearly the government relies on being able to communicate by email both within the organisation and beyond.

‘This is a critical time for us as we continue to manage the Bailiwick’s response to Covid-19 and we need all our service areas to be able to coordinate and communicate quickly and effectively,’ she said.