Summary of Digital Resilience and Case Study of Copeland

A summary of the methods used to implement digital resilience

  • Installation of software updates/upgrades
  • Replacement and removal of hardware
  • Adding redundancy into systems
  • Decommission and remove legacy hardware and software
  • Device hardening:
    • Removing unneeded applications, ports, permissions and access
    • Limiting user account functions
  • Maintaining effective back-up systems:
    • On-premises
    • Off-site/remote
    • Cloud
  • Appropriate and reviewed standard operating procedures (SOPs)
  • Structured staff training for:
    • New hardware/software
    • Staff inductions
    • New and updated policies and procedures

A summary of the methods used to implement digital resilience

  • Risk analysis of digital system's resilience
  • Planning for disruption scenarios
  • Planning disaster recovery and conducting recovery exercises
  • Documenting lessons learnt and incorporating resilience in the continuous improvement part of the lifecycle (ITIL)

A summary of the benefits to the organization of being digitally resilient

  • Increased security:
    • Secure transfer of data
    • Secure storage of data
    • Reduced system vulnerabilities
    • Reduced probability of targeted cyber attacks 
  • Increased reputation and profile:
    • Customer confidence
    • Protects brand image
  • Lower downtime of services

Activity

Based on the case study of Copeland Borough Council:

Prepare a presentation for Wednesday.

The content will be:
  1. Lessons learned from the Copeland Borough Council disaster.
  2. An action plan to implement digital resilience that would have prevented this disaster.
  3. The impact of the disaster on the organization and its clients.

Some of the Lessons Learned

  • Be prepared
    • Make sure that the investment into cyber security is worth it, appropriate and sufficient
    • Make sure you have some plans in the event of a total IT loss scenario
    • Don't always assume that your IT infrastructure is safe, and make sure to get it tested
  • Data and system security is the responsibility of everyone
    • Everyone needs to make sure that they are storing sensitive data securely and that it is not at any risk of being breached
    • Educate staff on making sure that they don't install applications that might harm the device or the network
  • Make sure that people take the time to properly and safely make multiple backups of their files (for example, using the cloud, off-site storage, and more storage on site).
  • Oversight and verification of IT in the enterprise
    • IT should inform business decisions, not make them. Business staff should not make the IT input and advice themselves, and should leave it to the professionals.
    • Do not underestimate how long the recovery will take and the lasting impact on all who were involved.

Advice

  • Take cyber-attacks seriously and make sure to be prepared
  • Well maintained firewalls and supporting network devices
    • Ensure all points of ingress and egress are covered
  • Make sure to test for vulnerable points in the business and make sure to address them ASAP when they get identified
  • Make sure you know what is happening in the network and who has access to it throughout the day.
  • Follow advice from the national cyber security program centre
  • Know the organisations that one can contact if they get into this sort of situation.

 

Impact

  • All computers switched off, unable to print, unable to access anything
  • No finance
    • 2 weeks until pay day
    • 1 week to pay for diesel for waste collection services
  • Local by-election called
    • No access to electoral register, or election systems
  • Land searches backing up and housing market grinding to a halt 
    • Families forced to stay in hotels 
  • SLT 
    • Business as usual couldn't happen 
    • Impossible to understand what had happened, or if and when we will switch on

How the council dealt with it

  • Reverted all their operations to pen and paper and the ability to pay the staff was affected.
  • Where possible, staff were dispersed to work in non-council locations and, where feasible, neighbouring local authorities, if that enabled them to have access to relevant IT systems external to the council.
  • Over 2 years after the initial event, Copeland remains in recovery mode, with some of the IT systems still in the process of undergoing remediation. Some data has been subject to total loss.
  • Ignoring the cost of the loss of productivity, the cyber attack cost the council £2.5 million.
  • Our customer service IT systems recorded an average of 25,000 processed service requests per annum prior to the cyber attack.
  
