Scottish Parliament subject to ‘brute force cyber-attack’

In an email warning to staff, Paul Grice, the Chief Executive at Holrood said the attack targeted parliamentary IT accounts. Picture: JP
In an email warning to staff, Paul Grice, the Chief Executive at Holrood said the attack targeted parliamentary IT accounts. Picture: JP
0
Have your say

The Scottish Parliament’s IT security systems have identified a ‘brute force cyber-attack’ currently underway from outside the government.

In an email warning to staff, Paul Grice, the Chief Executive at Holyrood, said the attack targeted parliamentary IT accounts in a similar way to that which affected the Westminster Parliament in June.

Mr Grice wrote: “The Parliament’s robust cyber security measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked.

“Our IT systems remain fully operational.

He added: “Particular care should be taken in opening any emails from external sources.”

Staff were urged to change their passwords.

The hack of Parliament systems is the latest in a rising number of cyber-crimes targeting the public sector.

Last month, The Scotsman revealed almost 60 per cent of Scottish councils and more than half of Scotland’s health boards have been targeted by cyber criminals since 2014.

Nine universities and numerous government bodies have also been hit during the last three years, the investigation found, with some local authorities reporting being bombarded with thousands of spam emails and receiving ransom demands to decrypt data.

Westminster IT experts reported hackers had mounted a “determined attack” on all user accounts “in an attempt to identify weak passwords” in June 2017.

Gerry Grant, Chief Ethical Hacking Consultant at the Scottish Business Resilience Centre, said: “The employees and staff of the Parliament are high probably seen as high value targets due to the possible access that they have to sensitive information. It may be the case that the attackers are out to prove a point.

“An attack such as this one is not particularly subtle and it is good to see that the Parliament have identified that there is unusual activity relating to logging in to accounts. This should be done as standard.

“Organisations need to train their staff in how basic cyber security in the same way that they train staff on Health and Safety.”