Cyberattacks (Public Bodies)

– in the Scottish Parliament on 16th September 2021.

Alert me about debates like this

Photo of Tess White Tess White Conservative

5. To ask the First Minister what action the Scottish Government is taking to prevent cyberattacks on public bodies. (S6F-00250)

Photo of Nicola Sturgeon Nicola Sturgeon Scottish National Party

We work closely with public sector bodies to raise the baseline standard of cybersecurity in line with guidance from the United Kingdom National Cyber Security Centre. A dedicated policy team together with a range of partners are delivering the strategic framework for a cyber-resilient Scotland across the public, private and third sectors to further build our cybersecurity and resilience capabilities.

The Government shares cyber threat intelligence, including during real-time incidents, as part of its early warning process; provides regular training, advice and support to the public sector; and encourages regular exercising and cyber incident response planning.

Photo of Tess White Tess White Conservative

Audit Scotland has warned that cybercrime is a

“serious risk to Scotland’s public sector”.

Twenty-seven separate attacks have been recorded since 2017. Given the considerable cost to the public purse of the ransomware attack on the Scottish Environment Protection Agency in December 2020 as well as the on-going impact on its operations, is the Scottish Government satisfied that public bodies have achieved the standards that are set out in the Scottish public sector cyber-resilience framework?

The First Minister:

I thank Audit Scotland for the work that it has done on the issue. However, with the greatest respect to Audit Scotland, I do not think that any Government is under any illusion about the threat of cyberattacks in our countries to the public sector, the private sector and, indeed, Governments themselves. We take the risk extremely seriously.

There have been significant cyberattacks on public sector organisations in Scotland—obviously, SEPA is a case in point—and the question whether we are satisfied that public sector organisations are taking all the appropriate steps is a reasonable one. We are working with them to ensure that that is the case. I would hesitate to sound as if I am complacent about the matter—indeed, every Government should hesitate to do that—because there is a real, present, ever-changing and evolving risk. We must ensure that, on a day-to-day and week-to-week basis, we provide the protections and support the public sector to do likewise. We will continue to do that.

Photo of Christine Grahame Christine Grahame Scottish National Party

I am sorry, Presiding Officer. I thought that we were going to finish that question.

A fair work joint statement on Covid, which was agreed by the Scottish Government and organisations such as the Convention of Scottish Local Authorities, the Scottish Trades Union Congress and the Institute of Directors, states—

The Presiding Officer:

I am sorry, Ms Grahame, but I think that there has been a slight misunderstanding. I am taking supplementaries on specific questions as we go along. There may be an opportunity for you later.

Photo of Christine Grahame Christine Grahame Scottish National Party

My question is not on that issue. I thought that we were on to general questions.

The Presiding Officer:

In that case, we move on to question 6.