Cyber-attacks against Scottish Government logged between 2014-2016: FOI release

Information request and response under the Freedom of Information (Scotland) Act 2002.


FOI reference: FOI/17/01557
Date received: 4 July 2017
Date responded: 31 July 2017

Information requested

  1. How many cyber attacks against the Scottish government have been logged in each of the past three years?

  2. How many cyber attacks against computers in the Scottish parliament in each of the past three years?

  3. The estimated cost of protecting against cyber attacks against the Scottish government in each of the past three years, If no such estimate can be arrived at for that then I would appreciate information such as annual cost of software installed to prevent attacks or cost of outside experts to advise on improving cyber security.

  4. Please could you categorise each attempted cyber-attack under the type used – i.e. malware and virus threats, phishing emails, SQL injection attacks, etc?

Response

I shall respond to each of your questions in turn.

How many cyber attacks against the Scottish government have been logged in each of the past three years?

In common with other large organisations, the Scottish Government faces a continual and evolving threat of cyber-attacks, and we take our cyber security very seriously.

Scottish government networks, systems and websites are constantly monitored and any identified attack is automatically assessed and prioritised based on its threat profile, and dealt with accordingly.

The number and category of cyber-attacks in the last three years is set out below. It is, however, not always possible to identify or record unsuccessful incidents that could be defined as attacks, such as phising emails or those with potential malware that can be filtered before ever reaching the Scottish Government.

2014/5 – none

2015/6 – 1 – malware

2016/7 – 2 - ransomware

How many cyber attacks against computers in the Scottish Parliament in each of the past three years?

This is formal notice under section 17(1) of FOISA that the Scottish Government does not hold the information you have asked for in this part of your request.
You should seek this information from the Scottish Parliament Corporate Body.

The estimated cost of protecting against cyber attacks against the Scottish government in each of the past three years, If no such estimate can be arrived at for that then I would appreciate information such as annual cost of software installed to prevent attacks or cost of outside experts to advise on improving cyber security.

It is not possible to quantify exactly how much has been spent on protecting against cyber attacks over the past three years. To give you an accurate estimate of our investment in cyber security over the past three years, here are our cyber budget figures;

  • 2015/16 - £599,826
  • 2016/17 - £736,768
  • 2017/18 - £829,800

Please could you categorise each attempted cyber-attack under the type used – i.e. malware and virus threats, phishing emails, SQL injection attacks, etc

Details of identified cyber attacks have been provided above.

The Scottish Government focuses its cyber resources on identifying and addressing high level cyber threats.

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses

Contact

Please quote the FOI reference

Central Enquiry Unit
Email: ceu@gov.scot
Phone: 0300 244 4000

The Scottish Government
St Andrew's House
Regent Road
Edinburgh
EH1 3DG

Back to top