Issue - meetings
Report on the Impact of the Cyber Incident and the Lessons Learnt
Meeting: 06/12/2023 - Cabinet (Item 53)
53 Impact, Recovery and Lessons Learnt from the Cyber Attack in December 2021 PDF 151 KB
To consider the report of the Cabinet Member for Performance and Resources seeking Members to note the impact of the cyber-attack on the Council, residents and customers, and the lessons learnt from the subsequent recovery.
Additional documents:
- Appendix 1 Executive Summary of the Incident, item 53 PDF 706 KB
- Appendix 2 ICO Reprimand, item 53 PDF 239 KB
Decision:
RESOLVED that:
(1) the contents of the report on the cyber-attack are noted;
(2) it is noted that the Council has learnt a number of lessons from the cyber-attack that occurred in December 2021 and that these will be monitored by the Council’s Information Governance Board to ensure they are embedded.
Minutes:
Cabinet considered the report of the Cabinet Member for Performance and Resources that sought Members to note the impact of the cyber-attack on the Council, residents and customers, and the lessons learnt from the subsequent recovery.
The Cabinet Member for Performance and Resources reminded Members that the report had been considered by the Overview and Scrutiny Committee (27th November 2023 minute 68). She took the opportunity to express her gratitude to all officers who had worked so hard to ensure that the authority could continue to operate throughout the incident. The Cabinet Member for Performance and Resources gave special thanks to the Managing Director, the S151 Officer and the entire IT Team for their dedication.
The Cabinet Member for Culture and Leisure highlighted the stress experienced by officers at all levels and added his own gratitude for them having performed so well in such challenging circumstances. The Cabinet Member for Environment informed Members that he believed officers to have done an amazing job.
RESOLVED that:
(1) the contents of the report on the cyber-attack are noted;
(2) it is noted that the Council has learnt a number of lessons from the cyber-attack that occurred in December 2021 and that these will be monitored by the Council’s Information Governance Board to ensure they are embedded.
Meeting: 27/11/2023 - Overview and Scrutiny Committee (Item 68)
68 Report on the Impact of the Cyber Incident and the Lessons Learnt PDF 152 KB
To consider the report of the Cabinet Member for Performance and Resources seeking Members to note the impact of the cyber-attack on the Council, residents and customers, and the lessons learnt from the subsequent recovery.
Additional documents:
- Appendix 1 - Executive Summary of NCC Group Report, item 68 PDF 182 KB
- Appendix 2 - ICO Gloucester City Council Reprimand, item 68 PDF 239 KB
Minutes:
68.1 Councillor Norman introduced the report and welcomed the Head of Transformation and Commissioning. She paid tribute to all Officers for their hard work and innovation during the cyber incident and subsequent recovery. In particular, she thanked the Managing Director and former Director of Finance and Resources for their leadership, as well as the Council’s IT team for their dedication in recovering the Council’s IT systems.
68.2 Councillor Hilton thanked the Head of Transformation and Commissioning for the report and Council staff for their work in dealing with the cyber incident. He noted that the latest figures confirmed a total recovery cost of £1.142m and observed that the costs had therefore exceeded £1m. He asked whether the recovery had improved systems, and whether all applications had been transferred to the Cloud. Councillor Norman stated that she had previously asserted that she was not willing to give assurances that the total recovery costs would not exceed £1m, and that the Council had received some grant funding towards the costs. She also noted that some of the recovery work was already part of the IT recovery plan and that it had front-ended some upcoming planned improvement work. The Head of Transformation and Commissioning further added that an advantage of the Cloud was that it increased resilience through a distributed structure. He added that the investment had provided the opportunity to reengineer systems from scratch.
68.3 Councillor Hilton asked whether the Council had made a mistake in not investing in its IT systems earlier, particularly following the cyber incident experienced by the Council back in 2014. Councillor Norman noted that the latest attack experienced by the Council was sophisticated; however, the Council had invested in its IT systems and was already in a much stronger position than other authorities at the time of the 2021 cyber-attack. The Managing Director also advised that the Council had heavily invested since 2014 in improving its defences, upgrades, and improving awareness and business continuity plans. He stated that hostile agents were evolving threats and it was his view that the Council was not unprepared for the attack.
68.4 Councillor Wilson referred to the narrative in the report at 12.1 and the statement that the configuration of some systems had been customised by external consultants. He asked whether this had the potential to make the Council’s systems weaker if this happened in the future. The Managing Director noted that one positive arising following the incident was that the Council’s backups were still intact. However, with the Uniform system used for planning applications, as all Councils’ systems were configured differently, this application had needed to be rebuilt from scratch before the backups could be loaded. He noted that this could be a lesson for all Councils to learn from.
68.5 In response to a query from Councillor A. Chambers regarding whether the Council ought to have adopted the same IT as Gloucestershire County Council, Councillor Norman explained that lengthy discussions had taken place at the time of the ...