We don't know whether the most recent response to this request contains information or not – if you are DG please sign in and let everyone know.

Preparedness in the event of a catastrophic cyber attack

We're waiting for DG to read a recent response and update the status.

Dear Scottish Government,

This is an FOIA request about the Government’s readiness for the consequences of a major cyber attack, but first a couple of comments to put the request into context.

i. A massive cyber attack by an enemy state is a clearly foreseeable event – whether it is Russia, China, Iran or North Korea. They already engage in cyber attacks on a lesser scale but it is not beyond the bounds of possibility that they have the capacity to launch more serious attacks.

ii. The current Covid pandemic was also foreseeable, not only in real life, but also in popular culture, yet large parts of the western world were unprepared for it and we are paying the price for this with deaths that could have been prevented.

iii. On a lesser scale than Covid, but just as tragically, 72 people died in the Grenfell Tower fire, despite advance warnings by tenants of fire risks. These warnings went unheeded by those responsible for the safety of the block.

With this in mind, these are my questions:

1. Does the Goverment have a plan for coping with the consequences of a major cyber attack?

Please note that I am not asking for details of how you will get IT systems up and running again after cleansing them of viruses and malware etc., I am talking about the aftermath of a truly apocalyptic attack on major infrastructure such as the electricity distribution system, water distribution, the NHS, mobile phone networks and air traffic control systems etc.

2. To put the question more brutally does the Government have a plan to feed people if there is no electricity, no water and no means of communication?

3. If you do not have such a plan please say so.

4. If you do not have such a plan do you intend to create one?

5. If you do not intend to create one please say why not?

6. If you do have a plan is it accessible to the public?

7. If it is not accessible to the public, why not?

During the Cold War there were plans on how to live in a post-nuclear bomb world so I would hope that there are similar plans for a post cyber attack world. It was also the case that bunkers had been prepared for certain key officials to shelter in.

8. Have any bunkers been prepared for the aftermath and have any key Government officials been designated as meriting a place in the bunker? If so, which ones?

I would be grateful if you responded to this request in a spirit of openness and transparency and not to limit your response to what is technically allowed under the FOIA. The request has not been sent for the purpose of exposing deficiencies in the Government’s emergency response capabilities but out of a genuine desire to learn what the position is, and maybe even prompt the Government to examine their readiness and prepare the right response to such a disaster.

Thank you.

David Grant

Scottish Government

Our Reference: 202100184164
Your Reference: Preparedness in the event of a catastrophic cyber attack

Dear David Grant,

Thank you for your correspondence received on 24/03/2021. Your query will
be passed to the relevant area for consideration and has been given a
reference number of 202100184164. Please quote this number in all
correspondence. The Scottish Government aim to respond, where necessary,
as quickly as possible and within the stated timescale as indicated on our
website
(http://www.gov.scot/about/contact-inform...).

Yours sincerely
MiCase
Correspondence system for SG and partner agencies

The Scottish Government takes your privacy seriously. You may have written
to us because you have a question or want to make a complaint. Our privacy
notice
(https://beta.gov.scot/publications/conta...),
available on our website, sets out how we use your personal data, and your
rights when communicating with us. It is made under Article 13 of the
General Data Protection Regulation (GDPR).
********************************************************************** 
This e-mail (and any files or other attachments transmitted with it) is
intended solely for the attention of the addressee(s). Unauthorised use,
disclosure, storage, copying or distribution of any part of this e-mail is
not permitted. If you are not the intended recipient please destroy the
email, remove any copies from your system and inform the sender
immediately by return.
Communications with the Scottish Government may be monitored or recorded
in order to secure the effective operation of the system and for other
lawful purposes. The views or opinions contained within this e-mail may
not necessarily reflect those of the Scottish Government.
**********************************************************************
 

Scottish Government

1 Attachment

Please find attached a response to your correspondence.
********************************************************************** 
This e-mail (and any files or other attachments transmitted with it) is
intended solely for the attention of the addressee(s). Unauthorised use,
disclosure, storage, copying or distribution of any part of this e-mail is
not permitted. If you are not the intended recipient please destroy the
email, remove any copies from your system and inform the sender
immediately by return.
Communications with the Scottish Government may be monitored or recorded
in order to secure the effective operation of the system and for other
lawful purposes. The views or opinions contained within this e-mail may
not necessarily reflect those of the Scottish Government.
**********************************************************************
 

We don't know whether the most recent response to this request contains information or not – if you are DG please sign in and let everyone know.