A case of when, not if – the reality of Cyber-attacks

In the online world, the collected personal data of citizens is valuable, and whole organisations’ operations can be brought to a halt in order to extract a ransom.

Today’s public sector organisations face a constant threat of cyber-attacks. Recent cyber-attacks on public sector bodies in London such as the British Library, NHS Synnovis and Hackney Council have paralysed those institutions – suspending normal operations for months and costing millions to recover.

The Transport for London (TfL) cyber-attack in September 2024 took place just as the GLA Oversight Committee launched its investigation into cyber security at the Greater London Authority (GLA), giving real-time experience of the threat and the work required to mitigate it. While information remains limited even a year after that attack, in part due to ongoing criminal cases, this report sets out what information is publicly available about the attack and how it impacted the GLA, which shares some of TfL’s IT systems.

The GLA Oversight Committee has published its report on Cybersecurity today, which makes a number of recommendations, including;

• The GLA and its functional bodies should develop an approach to measuring and monitoring its cyber security investment and pay, and how this can be benchmarked with others in the public and private sector.
• The GLA should use its chairmanship of the London Resilience Forum (LRF) to maintain a proportionate focus on cyber resilience in London, developing expertise and agreement on how the LRF and constituent organisations would respond to a successful major cyber incident in London.
• The GLA should confirm that the GLA has tested and proven plans and contingency arrangements in the event of a cyber incident that prevents staff from accessing their emails and files.
• By the end of this 2025-26 financial year, the GLA should work with TfL to run its own cyber security exercise considering the response to an attack targeting the GLA.

Former Chairman the GLA Oversight Committee, Emma Best AM, said:

“Just before we began this investigation, TfL suffered its biggest cyber-attack in history with critical impacts across the system. It also affected the Greater London Authority (GLA) which was part-way through a shared services transition onto TfL’s digital platforms. This incident underlined the importance of our investigation and the need to review our defences.

“The TfL attack caused headlines and shocked the nation when it was discovered the instigator was not a global criminal group operating from a complex technological centre but a teenager from the UK in their bedroom.

“Resilience to a cyber incident is a critical concern. For the sake of Londoners, we seek further assurance from that the GLA and its associated bodies that everything possible is being done defend against the next attack. In that context, this report makes eleven recommendations intended to strengthen the GLA’s approach to cyber security here in London.“