In the online world, the collected personal data of citizens is
valuable, and whole organisations' operations can be brought to a
halt in order to extract a ransom.
Today's public sector organisations face a constant threat of
cyber-attacks. Recent cyber-attacks on public sector bodies in
London such as the British Library, NHS Synnovis and Hackney
Council have paralysed those institutions – suspending normal
operations for months and costing millions to recover.
The Transport for London (TfL) cyber-attack in September 2024
took place just as the GLA Oversight Committee
launched its investigation into cyber security at the Greater
London Authority (GLA), giving real-time experience of the threat
and the work required to mitigate it. While information remains
limited even a year after that attack, in part due to ongoing
criminal cases, this report sets out what information is publicly
available about the attack and how it impacted the GLA, which
shares some of TfL's IT systems.
The GLA Oversight Committee has published its
report on Cybersecurity today, which makes a
number of recommendations, including:
- The GLA and its functional bodies should develop an approach
to measuring and monitoring its cyber security investment and
pay, and how this can be benchmarked with others in the public
and private sector.
- The GLA should use its chairmanship of the London Resilience
Forum (LRF) to maintain a proportionate focus on cyber resilience
in London, developing expertise and agreement on how the LRF and
constituent organisations would respond to a successful major
cyber incident in London.
- The GLA should confirm that the GLA has tested and proven
plans and contingency arrangements in the event of a cyber
incident that prevents staff from accessing their emails and
files.
- By the end of this 2025-26 financial year, the GLA should
work with TfL to run its own cyber security exercise considering
the response to an attack targeting the GLA.
Former Chairman of the GLA Oversight Committee,
AM, said:
“Just before we began this investigation, TfL suffered its
biggest cyber-attack in history with critical impacts across the
system. It also affected the Greater London Authority (GLA) which
was part-way through a shared services transition onto TfL's
digital platforms. This incident underlined the importance of our
investigation and the need to review our
defences.
“The TfL attack caused headlines and shocked the nation when
it was discovered the instigator was not a global criminal group
operating from a complex technological centre but a teenager from
the UK in their bedroom.
“Resilience to a cyber incident is a critical concern. For
the sake of Londoners, we seek further assurance from that the
GLA and its associated bodies that everything possible is being
done to defend against the next attack. In that context, this report
makes eleven recommendations intended to strengthen the GLA's
approach to cyber security here in London.”