Scottish Parliament targeted in 'brute force' cyber attack

BBC Scottish Parliament buildingBBC
MSPs have discussed cyber security on several occasions recently

The Scottish Parliament has been targeted by a "brute force" cyber attack, officials have said.

Chief executive Sir Paul Grice said the attack, from "external sources", was similar to that which affected Westminster in June.

He confirmed the attack in a message to MSPs and staff with parliamentary email addresses, urging them to be vigilant.

Mr Grice said "robust cyber security measures" identified the attack early, and systems "remain fully operational".

Scottish NHS boards were also affected by a cyber-attack in May, leading to several discussions of cyber security at Holyrood.

Parliamentary corporate body member David Stewart told MSPs in June that an independent review of "cyber security maturity" had been carried out, and had "offered assurance that sufficient and effective arrangements are in place to manage cyber threats and risks".

He added that parliament regularly takes advice from the police, the security services and the national cyber security centre.

'Brute force'

A "brute force" attack involves hackers repeatedly trying to access systems using a range of different passwords, in the hope of effectively guessing the correct password through trial and error.

Mr Grice's email urged MSPs and staff to make sure their passwords were as secure as possible, saying that the parliament's IT team would "force a change to weak passwords as an additional security measure".

He wrote: "The parliament's monitoring systems have identified that we are currently the subject of a brute force cyber attack from external sources.

"This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed logins.

"The parliament's robust cyber security measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational."