Public Service - analysis_opinion_debate

Ealing promises new USB approach

Friday, September 04, 2009

Ealing Council has estimated that a recent computer virus cost it £500,000. In response, it is considering spending another £622,000 to ensure the council is secure.

In May 2009, the council became infected with the Conficker D virus. This led to a severe disruption of council services, with a complete shutdown of all network and internet services. The worm infiltrated the council's network when an employee plugged an infected memory stick into a council computer.

The council spent approximately 12 days tackling and removing the infection from its core network at great expense. In a review of the council's response, produced by senior managers within the council, it was estimated that the infection cost the council £500,000.

The report said ICT recovery costs were £202,000. This included a proactive refresh of all hardware that was more than five years old or beyond economic repair, at a cost of £120,000.

Other costs, which totalled £129,000, included a loss of £90,000 due to delays in processing parking tickets, and emergency IT support and lost income for the library service at a cost of £25,000.

Ealing Homes, the council's housing service provider, also estimated losses of £170,000. This included £100,000 from an increase in tenants' rent and arrears and £40,000 due to Ealing's reduced ability to check invoices and orders for the repairs budget.

The report blamed the infection on the council's continued use of Windows 2000, an operating system that does not allow the user to secure USB ports. Upgrading to Windows XP, which has suitable security built in, would cost the council £502,000. But in a worst-case estimate, which includes adding two types of encryption software, it could cost up to £622,000.

The council has also adopted a new removable media policy, which requires all staff to provide an ongoing business case if they wish to use any portable media. Staff will also be expected to register any media with the IT department.

"Despite the widespread impact and time taken to recover, particularly the remote sites, Ealing coped at least as well, if not better, than other local authorities attacked by the same virus," the report concluded.

"There are obviously lessons learned from the way the incident was handled in terms of coordination and communication. However it's worth noting the significant amount of effort put in during the incident by our partner Serco and Ealing staff in order to [resume] services as quickly as possible."

It added that no data was corrupted and the server infrastructure remained protected.

SanDisk's Jason Holloway said the infection underlined the fact that USB drives have become a key method for spreading infection stealthily.

An Ealing spokeswoman said: "Like many other organisations, Ealing Council's computer and telephone network was attacked by a sophisticated virus. The council acted immediately to protect all data and ensure that essential frontline services could continue to operate."
COMMENTS

Does Ealing Council not have a policy of installing up-to-date anti-virus measures on all workstations & servers? Surely a basic requirement for all organisations these days?
Pug Ugly - Little Whinging / UK