The 1980s brutalism of the British Library in London has been likened to an unwelcoming fortress, and yet the intimidating appearance was no help when ransomware attackers decided to pay it a visit last October.
In what is turning out to be one of the worst incidents ever to hit a public U.K. organization, over several days the famous institution’s website went down, its Wi-Fi stopped working, its email went offline, and the online catalog used by visitors became inaccessible.
Days of disruption turned into weeks, weeks turned into months, with the only glimmer of progress being the online catalog returning on Jan. 15, 2024.
As described by its regular visitors, it was as if the British Library abruptly reverted to a pre-digital state most of them can barely remember.
Going back to pen and paper is a big problem for an institution used to receiving up to 1.5 million people through its doors each year. Even simple things – for example, the tills in the gift shop – stopped working.
As a journalist wrote after recently touring its near-deserted vaults and walkways: “You expect some silence in a library. But not this much.”
The ransom fee reportedly demanded by the Rhysida gang to release encryption keys and not release stolen data? £600,000 ($750,000). The cost of reinstating systems over many months? One estimate puts that at £7 million (almost $9 million).
The British Library refused to pay up, opting instead for the long haul. The criminals eventually released a 600GB cache of library data, including employee passport details.
Taking Down Critical National Infrastructure
The British Library’s struggles made a fitting backdrop for a report published in December by the Joint Committee on the National Security Strategy (JCNSS), a Parliamentary committee that takes evidence on security threats facing the U.K.
After listening to submissions from experts, the report concluded that a major incident taking down critical national infrastructure (CNI) is now entirely possible.
It imagines an attack on the energy grid of the South East of England and London which results in rolling energy blackouts for weeks. The price of such an event would be a year of disruption and at least £16 billion (approximately $20 billion) of extra government spending.
The fact that a growing number of ransomware threat groups behave like proxies for the Russian Government only adds to the Committee’s pessimistic outlook.
The Committee recommends investing in better cyber-resilience, but what does this mean? Not long ago, most of what the British Library did happened on paper. Now it’s all based on computers. Countries such as the United Kingdom are like giant versions of this digitalization phenomenon.
In terms of cybersecurity, digitalization has become an experiment built on hope. It makes many things faster, easier, and perhaps cheaper. It also makes them more vulnerable in ways nobody has been paying much attention to.
The British Library holds a copy of the Magna Carta, original song lyrics by the Beatles, and a precious Shakespeare First Folio. That this can be taken away in minutes by a small gang of criminals in Russia is a warning.