Scottish parliament hit in major cyber attack

null

The Scottish parliament has been targeted by a brute force cyber attack which attempted to compromise its systems.

Holyrood was hit by an attack similar to the attempt on Westminster back in June, according to chief executive Sir Paul Grice, who confirmed the attack in a message to all staff with parliamentary email addresses, including MSPs.

Blaming the attack on "external sources", Sir Paul said that all systems "remain fully operational" and praised the "robust cyber security measures" that were able to identify and shut down any risk.

In his email message, which was reported by the BBC, Mr Grice said that new password management and security services would soon come in place around Holyrood, and that the parliament's IT team would "force a change to weak passwords as an additional security measure".

Urging all staff to ensure their security provisions were as secure as possible, he added, "The parliament's monitoring systems have identified that we are currently the subject of a brute force cyber attack from external sources.

"This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed logins.

"The parliament's robust cyber security measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational."

The security industry was keen to point out that the news shows that no organisation is safe from the threat of cyber-attack, and that having an effective data security and encryption strategy to ensure data privacy is now an indispensable element of an organisation's wider cyber security strategy.

"Even as organisations and institutions across the UK continue to work to fortify their digital defences, hackers will stop at nothing to disrupt this and stay one-step ahead in the cyber war," said Jon Geater, CTO, Thales e-Security. 

"This latest brazen attempt to access sensitive information shows that no holds are barred in this fight: even guessing of information is on the table…and, if it fails, it will still lock out users and cause havoc when they come in for work in the morning."