A cllr has voiced his concern about a Russian cyber attack hitting Middlesbrough and other local authorities. Coulby Newham Labour Cllr David Branson raised the worry at a meeting of the council’s audit committee, which took place on Thursday 25 September, as he highlighted the need to be prepared for such an event.
Cllr Branson was asking a question in relation to an annual risk report which was being presented to the committee. He was particularly curious about cyber security, a topic about which he said there had been an interesting programme on TV regarding a previous attack on Redcar & Cleveland Council.
He said: “One thing that seems to be fairly clear from these cyber attacks is they are being directed by the Russian state, this is not simply ransomware stuff, this is, I think, much more serious. One thing that was very clear from that programme is that the local authority simply did not have the resources to tackle the problem.”
He went on to say: “I think we really have to be very careful here that we have sufficient means of defending ourselves, because my personal view, and people might think I’m exaggerating, is that some stage in the future, the Russian government is going to try and take down as many local authorities as it possibly can at one go.”
Cllr Branson added that it was “nothing” to do with money, but instead was “part and parcel of their campaign against the West”. He highlighted the need to be “prepared”, aware that some might think that he was “fear mongering”, but he said that the lessons taken by neighbouring Redcar & Cleveland Council also needed to be taken in Middlesbrough.
He asked what the government thought that the council should be doing to protect the area against a “deliberate” attack on the council’s services.
Ann-Marie Johnstone, head of governance, policy and information at the council highlighted that such information was covered in a later report on the meeting’s agenda, but did clarify that the lessons learnt by Redcar & Cleveland were taken on board by Middlesbrough.
She added: “Our auditors and other auditors publish regular guidance on the nature of cyber security threats, as does the national cyber security centre issues guidance and we absolutely do learn from those.”
Gary Welch, strategic risk and health and safety manager at the council, commented how internal audits are undertaken on the council’s ICT disaster recovery. He said that following a recent check, the council had been out and purchased some new systems, “which will help protect us”.
He added that there is a new ICT head of service and when Cllr Branson asked if officers were happy, they said: “As happy as we can be”, with “dramatic” improvements over the last six months highlighted.
When it came to the discussion of another cyber-based item on the agenda, Cllr Branson highlighted the doubling of ICT/other security incidents from 19 in 2022 to 38 in 2024. Ms Johnstone clarified that this increase had come from a greater focus on recording loss of assets, mainly fobs. She said that the council had “locked down” on recording these losses and making sure that such fobs are deactivated.
