Cyberattacks

– in the Scottish Parliament at on 15 June 2017.

Alert me about debates like this

Photo of Monica Lennon Monica Lennon Labour

5. To ask the Scottish Parliamentary Corporate Body what assessment it has made of the danger of cyberattacks on its information technology systems. (S5O-01132)

Photo of David Stewart David Stewart Labour

The Scottish Parliamentary Corporate Body recognises the danger that cyberattacks pose, and our advisory audit board recently considered an independent review of our cybersecurity maturity. The review looked across the three critical security domains of technology, people and crisis management, and it offered assurance that sufficient and effective arrangements are in place to manage cyberthreats and risks. For obvious reasons, I will not go into detail, but we also take advice from the police, the security services and the national cyber security centre.

Photo of Monica Lennon Monica Lennon Labour

Is further advice available to staff and members on any actions that they can take to protect themselves from online hacking? In particular, is any advice available on the use of USB drives on parliamentary devices?

Photo of David Stewart David Stewart Labour

The member makes a number of excellent points. Cybersecurity is of course a critical risk area that organisations need to understand. It is a risk that continues to evolve and it should not be seen solely as an information technology issue. All users of the IT systems have a responsibility in the area. I recommend to all members the information security guide that is available from the business information technology office, which gives advice on actions that members should take. The BIT office has a number of tools to identify any irregular and unusual activity.

As a requirement of CGI’s contract with the Scottish Parliament, it prepares monthly reports of network performance, server capacity and certain aspects of security-related management information, including the identification of malware, the status of anti-virus software across the desktop estate and any threats that have been blocked by existing firewalls.

The Deputy Presiding Officer:

That concludes questions to the corporate body. I look forward to seeing the portions that John Mason will now receive in the canteen.