Council catches a cold

This notice is currently running on the council’s website:

As part of the ongoing work to protect the council from a computer virus the council’s IT systems, including the website and telephone network, had to be shut down on Wednesday (20 May 2009).

The council’s main office, Perceval House in Ealing, including the Customer Services Centre is fully operational. Work on computers at other council buildings is underway.

The online payments system is currently unavailable. Engineers are working to resolve the problem as quickly as possible.

The council apologises for any inconvenience caused.

For most of the last week the council has been blighted by a virus. Things are finally getting back to normal this morning. It seems that our technical architecture is rather closely coupled and this has caused widespread disruption of many systems including phones, e-mail and the website. I know that this has affected many of the users of the services I am responsible for. Sorry. There will be a lot of hard questions asked of our technology people over the next few days and weeks I can tell you.

I visited Ealing Central Library yesterday afternoon and the staff were cheerfully coping with a difficult situation. They were able to use laptops to check books in and out so top marks for that work around. Unfortunately all the internet PCs were out which must have been an inconvenience to many users. Sorry again.

This morning I visited the customer services centre at Perceval House. I often do this as you know. It was working surprisingly well with cloakroom tickets and, again, a cheerful attitude from staff who have had a difficult week. That said it took 33 minutes to get from the front desk to see a parking agent which is my usual test. This is an unacceptably long time. There were meant to be five staff on parking issues but one was on break and one was dealing with a backlog from yesterday. The work rate from the remaining three did not seem to be up to meeting the modest demand.

There were two cashiers windows open and only one person being served so no problem there. The meeters and greeters were also working smoothly and cheerfully.

5 replies on “Council catches a cold”

Gosh, I don’t really like to kick a man whilst he’s down but…

‘..our technical architecture is rather closely coupled.’

Web site/email and telephones coupled? How did that pass any reasonable risk assessment exercise.

Organisations aren’t blighted by viruses. Organisations fail to prevent viruses infecting their systems.

Also I know of no major UK organisation whose web site, email system and phone sytem all failed at the same time for four consecutive days.

On balance I’d rather pay more Council Tax in order to have reliable digital information services.

We appreciate your saying sorry.

Eric,

Don’t let the facts spoil a good rant:

Report: Rise in virus attacks costs firms dearly

More companies suffered extensive virus infections in 2003 than in the previous year and spent on average almost $100,000 to clean up each attack, according to new research.

The Computer Virus Prevalence Survey found that last year, almost a third of the hundreds of businesses polled worldwide had suffered a virus “disaster,” defined as 25 or more computers infected by a single virus in the same incident. The report was released on Friday by the ICSA Labs subsidiary of security firm TruSecure.

“The re-emergence of ‘outbreak events’ and the success of mass-mailers in early 2004 illustrates that organizations are not making enough progress in their defense against malicious code,” Larry Bridwell, a content-security program manager at ICSA Labs, said in a statement.

The survey polled 300 randomly selected companies and found that 92 had had major virus incidents in 2003, up from 80 in the year before. The cost to recover from the incidents also increased, to almost $100,000 last year from $81,000 in 2002. Moreover, nearly 11 percent of all their machines were infected every month, according to the survey.

The numbers indicate that antivirus software isn’t proof against infection. Almost all of the companies surveyed said that at least 90 percent of their desktops have antivirus protection, but still a third of the companies suffered virus disasters.

The issues is not that such software doesn’t work, but that it is inherently reactive, Bridwell said. First, a virus has to be detected, and then a cure has to be created and downloaded to all antivirus tools.

“No matter how fast the antivirus industry is, no one can react fast enough,” he said. “Corporations are having to be much more proactive in their policies.”

The MSBlast worm, also known as Blaster, affected the most computers among the businesses surveyed, infecting almost 130,000 systems of the some 960,000 computers used by the companies. Other top threats were the Microsoft SQL Slammer worm and the Sobig and Klez mass-mailing computer viruses.

More than 80 percent of virus disasters involved one or more computer servers. The servers had to be taken down for an average of 17 hours as a result, the report said. While companies estimated the average dollar cost of a virus disaster at nearly $100,000, the most common answer was much less, at $10,000.

More than three-quarters of respondents said that outages had caused a loss of productivity, and two-thirds indicated that a major effect of an attack was to make a PC inaccessible. Corrupted files and inaccessible data were the other top virus effects.

Reference here is slightly old but I haven’t got time to find a better one. You might like to back up your assertions with some facts, however old, Eric.

Oh and another thing! Eric, you are already paying something like 5% more council tax to pay for the last administration’s Response programme which cost £50 million. This was the same project that centralised many systems and made us susceptible to single point failures.

I don’t think the current administration is going to apologise for not rushing into spending £ millions undoing all that. We’d rather use the capital for parks, street lights, heritage buildings, swimming pools, libraries, etc.

Not only are those facts well out of date but look like they were produced by a body with a vested interested in selling security solutions. Like Eric I’ve not heard of a UK organisation of comparable size suffering so much damage. For a virus to have quite such a comprehensive effect smacks of lack of basic security precautions such as:

Lack of regularly updated security software.
Failure to apply security updates to the operating systems and other software in a timely manner.
IT staff performing routine work using administratrative accounts.
Absence of internal firewalls, eg. between telephone and mail servers and the rest of the network.
Bypassing of security features in software, such as allowing Outlook to open .exe files.
Allowing users local administration rights on workstations.

This sort of thing is shoddy practice in a ten seat organisation. In one of the largest local authorities in the UK it’s inexcusable. In the private sector several people would have left the building with their personal items in a carrier bag by now but I don’t suppose that will happen here.

And why do the updates insist on refering to “protect from a virus” rather than “recover from” or “virus threat” when they mean “virus infection”?

If you want someone to write some of those difficult questions I’d be delighted to help. Seriously.

Phil

If what Mr Johnson says is true then I think you should comment on this.

Also is there some serious money to upgrade the Council IT systems in the budgets?

I agree that our roads should be upgraded, but too much is being spent on pavements which are not in serious disorder. So next year reduce pavement spending and increase infrastructure IT spending.

Comments are closed.