17 May 2024

Business as Usual: Leicester council’s ‘streetlight’ cyber-attack

Business as Usual: Leicester council’s ‘streetlight’ cyber-attack image
Image: Thapana_Studio / Shutterstock.com.

Leicester City Council’s response to the ‘streetlight’ cyber-attack was an example of an effective business continuity plan, says Billy Ruston, Resilience Consultant, Protection Group International (PGI).

We know that local authorities are increasingly under threat from cybercriminals. According to the Information Commissioner’s Office (ICO), attacks on local authorities have increased 24% between 2022 and 2023. The data held by organisations in the public sector and the critical nature of the services they provide the public means that they are incredibly tempting targets for cybercriminals and bad state actors alike.

The attack on Leicester City Council, whilst described as highly sophisticated, seems typical of many of the attacks targeting local authorities. Before the Leicester attack, we saw councils in Kent hit by a number of cyber-attacks at the beginning of 2024, St Helen’s council was hit by a ransomware attack in August 2023 and several British regional councils were affected by the attack on supplier Capita which was also exposed in 2023.

It is clear then that councils are under threat, directly and via supply chain partners and the number of attacks and consequences of them mean that they are increasingly headline news. This has two impacts. It decreases public confidence in their local authorities (one of the key objectives of bad state actors) and also means that general assumptions are being made about the nature and consequences of the attacks.

Councils have statutory duties under the Civil Contingencies Act, 2004. One of the statutory duties of the Civil Contingencies Act is to put in place Business Continuity Management arrangements. However, councils should not only be implementing such procedures just because it is a part of the Act.

Business Continuity planning is a good idea for all organisations whether it is a legal requirement or not. Business Continuity ensures that an organisation’s critical activities can continue at predefined service levels and within acceptable timeframes following a business disruption, such as the cyber-attack that Leicester City Council suffered.

What we have seen with the Leicester case is the Business Continuity plan coming into action. Although the headlines focused on the negative point that streetlights remained on, it was actually a strategic decision on behalf of the Business Continuity team at the council.

For local authorities, it is not acceptable to stop providing services that ensure the health, safety and welfare of their residents. It would have become clear that if systems failed then it was preferable to have the streetlights remain constantly on, ensuring the safety of the public. It is a positive reflection on the Business Continuity plan in place rather than a negative impact of the cyber-attack which the headlines focus on.

There are multiple interrelated stages to consider when implementing a business continuity management system and developing plans and incident response processes. The planning process starts with an analysis to define critical activities and understand the threat landscape. The planning process ends with validation, testing that the Business Continuity plans are effective and align with business objectives, practising response processes with key stakeholders and identifying opportunities and areas for improvement.

The key to successful Business Continuity plans is that it is not regarded as a one-off exercise but needs to be continuously monitored and improved. The Leicester example shows how ongoing testing has allowed a local authority to ensure front-line services and the safety of the public are prioritised in the event of disruption. However, for other councils having the ability or in-house expertise to ensure that Business Continuity plans are implemented and regularly tested is beyond their means. Some are turning to consultancies that can provide the expertise and experience to help local authorities have some peace of mind and importantly roll-out plans if the worst happens.

NextGov: Boosting social mobility   image

NextGov: Boosting social mobility

Carl Cullinane, director of Research and Policy at the Sutton Trust, looks at what the next government should do to deliver greater social mobility.
The flaws in ‘Clarkson’s clause’ image

The flaws in ‘Clarkson’s clause’

Following Jeremy Clarkson-inspired legislative changes around planning permission in rural areas, Kerry Booth, Rural Services Network, shares her concerns.
For your free daily news bulletin
Highways jobs

Building, Property Information and Compliance Manager

City of York Council
£47,760 to £54,463
We are looking for a motivated manager with experience of leading diverse and challenging teams. North Yorkshire
Recuriter: City of York Council

Applications Support Analyst

West Northamptonshire Council
£33,369 - £36,163
Fixed Term Contract until March 2025 (possibility to extend) Join our dynamic team as a 2nd/3rd Line Applications Support Analyst and play a pivotal role in supporting our systems and applications. This second-line position involves handling technical an Northampton
Recuriter: West Northamptonshire Council

Assistant Director for Education

Essex County Council
Assistant Director for EducationPermanent, Full Time£97,874 Per AnnumLocation
Recuriter: Essex County Council

Technician NRSWA Inspector

Derbyshire County Council
£27,507 - £29,418 per annum
Within the Highways Directorate we are looking for an enthusiastic, customer focused and experienced person to join the Service Derbyshire
Recuriter: Derbyshire County Council

Strategic Manager SEND

Stoke-on-Trent City Council
£70,999 - £74,630
Want to feel proud of your achievements every day? Stoke-on-Trent, Staffordshire
Recuriter: Stoke-on-Trent City Council
Linkedin Banner

Partner Content

Circular highways is a necessity not an aspiration – and it’s within our grasp

Shell is helping power the journey towards a circular paving industry with Shell Bitumen LT R, a new product for roads that uses plastics destined for landfill as part of the additives to make the bitumen.

Support from Effective Energy Group for Local Authorities to Deliver £430m Sustainable Warmth Funded Energy Efficiency Projects

Effective Energy Group is now offering its support to the 40 Local Authorities who have received a share of the £430m to deliver their projects on the ground by surveying properties and installing measures.

Pay.UK – the next step in Bacs’ evolution

Dougie Belmore explains how one of the main interfaces between you and Bacs is about to change.