Written Evidence Jan. 10 2024
Inquiry: FraudFound: FRA0056 - Fraud Cybercrime and Online Harms Practitioner Network (COPRNET) Written Evidence
Asked by: Lilian Greenwood (Labour - Nottingham South)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Culture, Media and Sport, pursuant to the Answer of 27 November 2023 to Question 2570 on British Library: Cybercrime, which services have already been restored; and what is the planned timetable for the remaining services to be restored.
Answered by Julia Lopez - Minister of State (Department for Science, Innovation and Technology)
The final costs of recovery from the recent cyber-attack on the British Library are not yet confirmed. As it has from the outset, the British Library remains in close and regular contact with the Department on the ongoing work to investigate and assess the impact of the attack and to recover services.
Despite the cyber attack, the British Library’s buildings have remained open and well-used throughout, and it has maintained some key services including reading room access for personal study and some limited collection item ordering, exhibitions, learning events, business support, and onsite retail. In the immediate aftermath essential services such as WiFi and event ticket sales were quickly re-established.
On 15 January, the British Library restored a searchable online version of its main catalogue, comprising records of printed books, journals, maps, music scores and rare books. This will enable a manual process of checking availability and ordering to the Reading Rooms. In addition, it will offer access to an increased range of special collection material such as manuscripts and archives. Taken together, these improvements mean that from this date the majority of physical books and special collections held at its St Pancras site will once again be available for use.
Further updates will be provided as the Library continues to recover from the attack.
Asked by: Lilian Greenwood (Labour - Nottingham South)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Culture, Media and Sport, pursuant to the Answer of 27 November 2023 to Question 2570 on British Library: Cybercrime, what estimate has her Department made of the cost of restoring services following the cyber attack at the British Library.
Answered by Julia Lopez - Minister of State (Department for Science, Innovation and Technology)
The final costs of recovery from the recent cyber-attack on the British Library are not yet confirmed. As it has from the outset, the British Library remains in close and regular contact with the Department on the ongoing work to investigate and assess the impact of the attack and to recover services.
Despite the cyber attack, the British Library’s buildings have remained open and well-used throughout, and it has maintained some key services including reading room access for personal study and some limited collection item ordering, exhibitions, learning events, business support, and onsite retail. In the immediate aftermath essential services such as WiFi and event ticket sales were quickly re-established.
On 15 January, the British Library restored a searchable online version of its main catalogue, comprising records of printed books, journals, maps, music scores and rare books. This will enable a manual process of checking availability and ordering to the Reading Rooms. In addition, it will offer access to an increased range of special collection material such as manuscripts and archives. Taken together, these improvements mean that from this date the majority of physical books and special collections held at its St Pancras site will once again be available for use.
Further updates will be provided as the Library continues to recover from the attack.
Asked by: Lord Stevenson of Balmacara (Labour - Life peer)
Question to the Home Office:
To ask His Majesty's Government what contribution they are making to international efforts to (1) identify, (2) and counter, cybercriminal gangs who target networks and users in the UK.
Answered by Lord Sharpe of Epsom - Parliamentary Under-Secretary (Home Office)
The UK is a world leader in cyber security. Our operational agencies, such as the National Cyber Security Centre (NCSC) and National Crime Agency (NCA) are a source of international best practice, and we strongly support international cooperation to tackle cyber crime. The Government’s approach to countering this threat is set out in the National Cyber Strategy (2022), under the pillar of detecting, disrupting and deterring our adversaries.
Cyber-crime is a global threat. Criminals and the technical infrastructure they use are often based in uncooperative jurisdictions, making international collaboration essential. Across our law enforcement network, we seek to maximise international links as part of our response to criminal activity. Alongside working closely with UK police and regional organised crime units, the NCA have built crucial relationships with partners such as Europol, the FBI, and the US Secret Service to assess cyber crime risks, share intelligence and coordinate action.
The NCA works to identify cyber criminals impacting the UK, wherever they are in the world. Working with international partners to target and disrupt cyber criminal gangs and the illicit cyber crime ecosystem that supports them. For example, in February 2023, we announced sanctions against seven Russian cyber criminals involved in the notorious organised crime group behind many of the most damaging ransomware groups in the last few years involving TRICKBOT, CONTI and RYUK ransomware. A second wave of sanctions was announced in September demonstrating the NCA’s unrelenting targeting of cyber-criminals.
The UK continues to shape the global conversation at multilateral forums and bilaterally to drive cooperation to deter malicious cyber activity. We have promoted the Budapest Convention on Cybercrime since it was agreed in 2001, and we are taking an active role in the development of the proposed UN treaty on cybercrime, to ensure that it supports international cooperation on tackling crimes that all countries face, while protecting human rights.
Asked by: Bridget Phillipson (Labour - Houghton and Sunderland South)
Question to the Department for Education:
To ask the Secretary of State for Education, what estimate her Department has made of the cost to schools of ransomware attacks in each of the last three years.
Answered by Nick Gibb
The Department does not hold a comprehensive list of ransomware attacks on schools or colleges in each Local Authority in each of the last three years.
It is the responsibility of academy trusts to be aware of the risk of cybercrime, put in place proportionate controls and take appropriate action where a cyber security incident has occurred. The Education and Skills Funding Agency (ESFA) supports the National Crime Agency’s recommendation not to encourage, endorse, or condone the payment of ransom demands.
To support schools, the Department released Cyber Security Standards in October 2022. These standards provide a base level requirement for good cyber security practices in schools, helping to raise resilience across the sector and make schools harder targets. Many of the areas suggested for improvement are low cost or free to implement.
Additionally, the National Cyber Security Centre’s Cyber Security for Schools web page provides practical resources, including training and guidance, on how schools can avoid cyber security threats. The web page can be found here: https://www.ncsc.gov.uk/section/education-skills/cyber-security-schools.
Asked by: Bridget Phillipson (Labour - Houghton and Sunderland South)
Question to the Department for Education:
To ask the Secretary of State for Education, if she will publish a table of the number of schools in England reporting serious cyber incidents in each of the last five years; and if she will make a statement.
Answered by Nick Gibb
The Department does not hold a comprehensive list of ransomware attacks on schools or colleges in each Local Authority in each of the last three years.
It is the responsibility of academy trusts to be aware of the risk of cybercrime, put in place proportionate controls and take appropriate action where a cyber security incident has occurred. The Education and Skills Funding Agency (ESFA) supports the National Crime Agency’s recommendation not to encourage, endorse, or condone the payment of ransom demands.
To support schools, the Department released Cyber Security Standards in October 2022. These standards provide a base level requirement for good cyber security practices in schools, helping to raise resilience across the sector and make schools harder targets. Many of the areas suggested for improvement are low cost or free to implement.
Additionally, the National Cyber Security Centre’s Cyber Security for Schools web page provides practical resources, including training and guidance, on how schools can avoid cyber security threats. The web page can be found here: https://www.ncsc.gov.uk/section/education-skills/cyber-security-schools.
Written Evidence Jan. 10 2024
Inquiry: FraudFound: considering the role of cyber security professionals working to tackle and minimise the harm of cybercrime
Written Evidence Dec. 06 2023
Inquiry: FraudFound: Fraud and cybercrime As we conduct more of our lives and business online, fraud increasingly facilitates
Asked by: Bridget Phillipson (Labour - Houghton and Sunderland South)
Question to the Department for Education:
To ask the Secretary of State for Education, what estimate her Department has made of the number of ransomware attacks on (a) schools and (b) other educational settings in each local authority in each of the last three years.
Answered by Nick Gibb
The Department does not hold a comprehensive list of ransomware attacks on schools or colleges in each Local Authority in each of the last three years.
It is the responsibility of academy trusts to be aware of the risk of cybercrime, put in place proportionate controls and take appropriate action where a cyber security incident has occurred. The Education and Skills Funding Agency (ESFA) supports the National Crime Agency’s recommendation not to encourage, endorse, or condone the payment of ransom demands.
To support schools, the Department released Cyber Security Standards in October 2022. These standards provide a base level requirement for good cyber security practices in schools, helping to raise resilience across the sector and make schools harder targets. Many of the areas suggested for improvement are low cost or free to implement.
Additionally, the National Cyber Security Centre’s Cyber Security for Schools web page provides practical resources, including training and guidance, on how schools can avoid cyber security threats. The web page can be found here: https://www.ncsc.gov.uk/section/education-skills/cyber-security-schools.
Written Evidence Dec. 13 2023
Inquiry: Cyber resilience of the UK's critical national infrastructureFound: acknowledging the role of cybersecurity professionals working to tackle and minimise the harm of cybercrime