Malicious email volume

The request was refused by Radioactive Waste Management Limited.

Dear Radioactive Waste Management Limited,

Please find below my FOI request regarding malicious emails sent to the department.

The date range for the requests is from 2018 to present day. The data shall include a breakdown by year and by individual departments (e.g. separate departments, agencies, or public bodies within the main government agency), if applicable.

1. How many malicious emails have been successfully blocked?
2. What percentage of malicious emails were opened by staff?
3. What percentage of malicious links in the emails were clicked on by staff?
4. How many ransomware attacks were blocked by the department?
5. How many ransomware attacks were successful?

Yours faithfully,
Rebecca Moody

rwmfeedback,

1 Attachment

 

Thank you for contacting Radioactive Waste Management (RWM).

 

Please note that following UK Government advice for COVID-19, the
Enquiries line  is working remotely. Over this period it may take us a
little longer to acknowledge and respond to your email. We appreciate your
patience during this difficult time.

Under normal circumstances we aim to respond to enquiries quickly and
efficiently, with an acknowledgement being issued within 3 working days of
being received.

  

In the interim if you would like more information regarding our work with
communities, the siting process, RWM or the Geological Disposal Facility
(GDF) please visit us at:  [1]https://geologicaldisposal.campaign.gov....

    

Again, thank you for your contact and you will hear back from us very
soon.

 

Kind regards

 

[2]RWM_Logotype_CMYK standard size

 

References

Visible links
1. https://geologicaldisposal.campaign.gov....

RWM Feedback,

This email is protectively marked OFFICIAL

Dear Rebecca Moody,

Case Ref: FOI 05041

Thank you for your request for information below received on 12 November.

We are considering your request under the terms of the Freedom of
Information Act 2000 and a response will be issued to you as soon as
possible and no later than 10 December.

Please remember to quote the reference number above in any future
communications related to this request.

Kind regards,

Jane Ivey
Freedom of Information Manager
 
W: [1]gov.uk/rwm - [2]Geological Disposal

[3]Twitter and [4]LinkedIn
[5]Sign up to our e-bulletin

[6]RWM_Logotype_CMYK standard size

Radioactive Waste Management Limited is a limited company registered in
England and Wales with registered number 8920190. Registered office:
Building 329 West Thomson Avenue, Harwell Oxford, Didcot, England, OX11
0GD. 

Please consider the environment before printing this email.

show quoted sections

RWM Feedback,

This email is protectively marked OFFICIAL

Dear Rebecca Moody,

Ref: FOI 5041

Thank you for your information request received on 12 November for the
following:

Please find below my FOI request regarding malicious emails sent to the
department.

The date range for the requests is from 2018 to present day. The data
shall include a breakdown by year and by individual departments (e.g.
separate departments, agencies, or public bodies within the main
government agency), if applicable.

1. How many malicious emails have been successfully blocked?
2. What percentage of malicious emails were opened by staff?
3. What percentage of malicious links in the emails were clicked on by
staff?
4. How many ransomware attacks were blocked by the department?
5. How many ransomware attacks were successful?

I have treated your request under the Freedom of Information Act (the FOI
Act).

I can neither confirm nor deny whether Radioactive Waste Management (RWM)
holds information relevant to your request. If held, this information
would be exempt from disclosure under FOI Act Section 24(2) national
security and Section 31(1)(a) prevention and detection of crime.

Under Section 1(1)(a) of FOI Act, a public authority is required to
confirm whether it holds the information that has been requested, however
Section 24(2) provides an exemption from this duty where the information
is required for the purposes of safeguarding national security.

RWM provides radioactive waste management solutions and we are currently
engaging in discussions to identify a site for a UK geological disposal
facility for higher activity waste. If held, disclosing information about
ransomware incidents, our IT security, structure or software applications
would provide details that someone could use to attempt to breach our
networks and thus adversely affect our ability to protect our information
and IT systems and safeguard national security. We therefore consider the
exemption is engaged.

Section 24(2) of the FOI Act is a qualified exemption, which means that it
is subject to a public interest test. We acknowledge the public interest
in openness and transparency, but we consider that there is a greater
public interest in protecting national security. If RWM were to hold the
information you have requested, there is a substantial public interest in
not jeopardising the resilience of RWM’s IT security given the adverse
repercussions that could flow from unauthorised access to our IT systems.
We have therefore concluded that the public interest in maintaining the
exclusion from the duty to confirm or deny outweighs the public interest
in disclosing whether RWM holds the information that you have requested.

Section 31(1)(a) of the FOI Act states that information is exempt from
disclosure if it would or would be likely to prejudice the prevention and
detection of crime. Section 31(3) provides an exemption from the duty to
confirm or deny whether information is held. We consider that, if held,
disclosing information about ransomware attacks or our IT operating
systems would reveal details which would be likely to assist those who
wish to look for known vulnerabilities and attempt to breach our networks.
This would leave RWM more vulnerable to cyber-crime.

This exemption is also subject to a public interest test. RWM has a duty
to safeguard its information from loss, theft, inappropriate access or
destruction. We consider that confirming whether or not RWM holds the
information you have requested could be combined with other information
already in the public domain. This would assist a determined attacker
meaning that the risk to RWM’s IT systems as a result would be real and
significant, particularly in view of major cyber-attacks that have
occurred in other organisations in recent years. We therefore consider
that the factors in maintaining the exemption outweigh the public interest
in disclosure.

For the avoidance of doubt, the fact that Sections 24(1) and 31(1)(a) of
the FOI Act have been cited should not be taken as an indication that the
information you have requested is or is not held by RWM.

If you are unhappy with the way in which RWM has dealt with your request,
you have the right to require us to review our actions and decisions. If
you wish to request a review, please reply to this email or write to me at
[1][RWM request email] within 40 working days of receipt of this
response. You will receive a full response to your request for review
within 20 working days of its receipt.

Please remember to quote ref FOI 5041 in any correspondence about this
request.

If you are not content with the outcome of the internal review, you have
the right to apply directly to the Information Commissioner for a
decision. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

[2]https://ico.org.uk/make-a-complaint/

Kind regards,

Jane Ivey
Freedom of Information Manager
 
W: [3]gov.uk/rwm - [4]Geological Disposal

[5]Twitter and [6]LinkedIn
[7]Sign up to our e-bulletin

[8]RWM_Logotype_CMYK standard size

Radioactive Waste Management Limited is a limited company registered in
England and Wales with registered number 8920190. Registered office:
Building 329 West Thomson Avenue, Harwell Oxford, Didcot, England, OX11
0GD. 

Please consider the environment before printing this email.

show quoted sections