CONWY must ensure its IT systems are resilient to guard against cyber attacks of terrorism, espionage, and even from its own members of staff, warns a council report.
The council’s finance and resources overview committee will meet next week to discuss Conwy’s digital strategy as part of the authority’s corporate plan.
Within that report is a ‘Cyber Resilience’ strategy that warns that unless IT systems are continually developed, hundreds of pounds worth of damage could be caused.
Listing the ‘main’ threats to the council, the report says terrorist organisations, espionage, and ‘insiders’ pose some of the biggest risks to its IT infrastructure.
Insiders, the report defines, are council officers or ‘members’, which usually refers to councillors.
MORE NEWS: £640,000 energy bill for Conwy Council offices
Other threatening sources include cyber criminals, hackers or ‘hacktivists’, and the loss of its data centre.
Another threat listed is ‘zero day threats’, a cyber attack so new it is not detected by antivirus systems.
The report warns Conwy must continue to invest in its systems or risk hundreds of thousands of pounds worth of damage.
The reports states: “Cyber-attacks will continue to evolve, which is why we will continue to work to stay ahead of all threats.
“Given the growing reliance on IT together with frequency and complexity of attempted cyber-attacks, we will also ensure processes are in place to help minimise impact on services in the event of a successful attack or significant disruption to our IT infrastructure and systems.”
\MORE NEWS: Former councillor who spent years fighting to clear his name - honoured
As well as protecting the council’s IT systems from online attacks, the report said the Cyber Resilience Strategy sets out the protection of its information systems and data.
The report listed recent examples of cyber attacks, including an attack on the Welsh language commissioner’s office and a suspected attack on Anglesey’s schools infrastructure.
While the strategy sets out provisions to guard against attacks, the report warned systems were always at risk.
“It is not possible though to provide guarantees of absolute protection,
and consequently it is important services ensure continuity plans include provision for loss of access to infrastructure, systems, or devices for an extended period of time (potentially up to months).”
If the report is agreed, it will then go before the council’s cabinet.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here