Members of Cheltenham Borough Council are reported to have issued warnings of the threats posed from targeted cyberattacks orchestrated by foreign powers. They have expressed concerns that the risks involved could result in essential services being rendered incapacitated.

A history of attacks against local authorities

Councillors in Cheltenham recently discussed an incident that involved hackers targeting local authorities successfully during a recent committee meeting designed to audit governance and compliance.

In 2020, a cyberattack launched against the Borough Council of Redcar and Cleveland’s computers and dedicated website cost over £10m and approximately 135,000 individuals were impacted, deprived of public services that up until then were easily accessible online.

Another dedicated attack that selected Hackney Council as its chosen victim resulted in a string of IT problems that affected a number of services, including land search request processes.

An audit conducted recently indicated that not only is Cheltenham Borough Council prepared for an attack but has technical controls in place designed to act as a preventative measure against attacks happening. Despite this, council auditors still believe there is a possibility that a well-aimed malware attack could successfully strike out at the local authority and impact its work and services.

Cllr Flo Clucas of Cheltenham commented that Hackney Council had experienced considerable difficulty in attempting to return its services to normal status. The recent meeting saw her ask council officers if they knew of similar incidents impacting Cheltenham’s operations:

“We actually had warnings over the course of the last year in relation to organisations holding other local authorities to ransom. The more we know about this, the safer we as an organisation, our officers who work here, and the people who live in Cheltenham and the businesses we have will be.”

Cllr Clucas asked that an official report be compiled outlining potential issues resulting from cyberattacks, which could then be shared among local councillors.

The appropriate protection levels in place

The Council officer at Cheltenham reported that they were currently unaware of any local issues regarding cyber threats. They confirmed that the local authority had specific systems instated to prevent the possibility of an attack on both council devices and the website.

Darren Knight, the Council’s Executive director for people and change, commented:

“The reality is we are being attacked constantly and it’s the controls we’ve got in place that is why we have not succumbed to some of the more distinguished things that are in the press at the moment.”

He added that Cheltenham Council had received a report on the incident at Redcar Council and would take the learnings from the attack to inform members of the local authority.

Guy Maughfling, Cheltenham Borough Council Chairman, commented that multiple cyberattacks were happening around the world on a daily basis but stated that so far, the Council’s current measures had been able to protect against assaults:

“To date we have the right processes and controls to prevent those attacks from being successful.”

Since they provide vital services to the local communities they serve and retain extensive records packed with personal information, local governments are ideal targets for a ransomware attack.