The British Library has published a report on what it has learned from the cyber incident that paralysed its IT systems in October of last year.
The move has come while it continues to feel the effects of the ransomware attack, with its website stating that online systems and services, as well as some on-site services, are still affected.
The report says the organisation has identified a server it considers likely to have been the point of entry, and is now exploring why its security measures were not sufficient to provide effective protection.
The criminal gang responsible copied and exfiltrated around 600GB of files, including personal data of library users and staff, and after failing to obtain a ransom payment put it up for auction then dumped it on the dark web.
Its methods also included the encryption of data and system and the destruction of some servers to inhibit a recovery and cover its tracks. The latter has had a damaging impact on the library’s attempts to restore its digital content, which has been hampered by the lack of a viable infrastructure.
Software problems
The paper says that major software systems, including the main library services platform, cannot be brought back in their pre-attack form, either because they are no longer supported by the vendor or will not function on the secure infrastructure that is currently being rolled out.
Other systems will require modification or migration to more recent software versions.
One of the main learnings has been that the impacts of the attack were made more severe by the unusually complex technology estate, including many legacy systems, which allowed the attackers wider access that would have been possible in a more modern network design.
In addition, the reliance of older applications on manual processes to pass data from one system to another led to multiple copies of staff and customer data being held on the network.
Among the necessary changes outlined in the report are a need for future risk assessments to include the risk of major cyber attacks, a change in culture to embed cyber security in the technology rebuild and processes, and a shift away from on-site to cloud based systems.
Lingering disruption
According to the British Library’s current website statement, some services are likely to be disrupted for several months.
It is making progress with its recovery plan, intending to introduce a new reader registration process this month, and with a priority to restore on-site access to its digital collections.
It has also contacted library users to alert them that some data has been released onto the dark web, offering them advice from the National Cyber Security Centre on protecting themselves, and is analysing its data to identify what has been compromised.
