Agenda item

Matters referred to committee - ICT Update

ICT update – The ICT Manager will be attending the meeting to answer any questions on the member briefing note – ICT sent to members on 23 November 2012

Minutes:

ICT SECURITY AND OPERATIONAL ACTIVITY RELATING TO VIRUS INFECTION

A briefing note had been circulated to all Members on 23 November 2012 to keep them informed of matters relating to the virus infection of key ICT systems and what had been done to prevent its spread and to restore service. Mark Sheldon, Director Resources, and Paul Woolcock, ICT Infrastructure Manager, were in attendance at the meeting to answer any questions from the committee.

 

Following an introduction from the Director Resources, Members made the following comments and asked a number of questions:

 

  • When systems go down there was an issue about how contact was made with Members and remote workers and perhaps there needed to be a system of alternative e-mails, possibly working collaboratively with other authorities to send messages out.  The loss of the computer-based telephone system at the same time as losing systems needs to be looked at for the future. Availability of remote access over the weekend is critical to Members but if the system is down on Friday afternoon it is typically not restored until Monday morning. More consideration needs to be given to weekend recovery.
  • Members were concerned about the loss of moowa, which had provided a convenient method of accessing Outlook over the web, which they could do from their place of work at lunchtime or on their county council laptop. Members highlighted that they would not be able to load Citrix or any other software onto a work machine or county council laptop which they did not administer. They requested a definitive decision on the future of moowa, as Citrix was not necessarily a suitable solution unless Members were sitting at home working on their own PC or Council laptop.
  • How often does the council review its antivirus software and are we using the latest products? Was there going to be an immediate review to assess whether the antivirus software being used by the council and its GO partners was fit for purpose?
  • What was the nature of the virus and if it was a known virus, why was its signature not picked up by the council's antivirus software?
  • If the virus did come in from a desktop system, what implications does this have for the training that had been given to staff and Members on data security?
  • Was the risk of a computer virus infection now on the corporate risk register?
  • In his introduction, the Director Resources said that there was no financial cost incurred as a result of the virus. If staff had been working weekends how was this the case? 
  • What was the knock-on impact on future ICT budgets of any new software that may have to be put in place to safeguard systems for the future?
  • Has there been any reputational damage to the relationship with our partners?
  • Is there any redress against the company who has provided us with antivirus software?

 

In response, the ICT Manager said that there were no current plans to restore moowa and Citrix was the preferred route. ICT did review their antivirus software and in future this would be done on a more regular basis. However, he did acknowledge that a number of client machines had not been receiving any regular updates of antivirus software. This was now being rectified, and future training for staff, Members and partners would also be considered as part of the review of this issue. ICT had been careful to align the products used with those of other partners in order that expertise could be shared across councils.

 

The Director Resources reaffirmed that any out of hours work would be covered under existing budgets with staff potentially taking time off in lieu. The investment strategy for ICT would be going to Cabinet in December and this would be updated as necessary to incorporate any recommendations as a result of this virus incident. He did not feel there had been any reputational damage as far as our partners were concerned. GO partners had been very supportive and understanding and ICT had taken steps to restore their systems as quickly as possible. Any redress against the suppliers of antivirus software was unlikely. 

 

The Director Resources advised the committee that he had already initiated a review of the virus situation in ICT to be undertaken by Internal Audit. This review was already in progress and he expected it to be in a position to report in the next few weeks. The review would assess the nature of the virus and make recommendations on any change to business practices as a result of the virus outbreak. It had also been recorded on the risk register.

 

In the meantime he had suggested that the committee consider re-forming the ICT scrutiny task group and he circulated these suggested terms of reference:

 

1. To consider any recommendations following the Internal Audit report in respect of ICT security and Data protection.

 

2. To ensure that the proposed Infrastructure Investment Strategy (to be agreed by Cabinet in December 2012) addresses specific recommendations identified by the Internal Audit report in respect of antivirus protection.

 

3. To consider any recommendations from the internal audit report relating to current practices around secure ICT access for staff and Members.

Resolved that the terms of reference for the ICT scrutiny task group be agreed and they meet prior to Cabinet in December 2012 to review the proposed infrastructure investment strategy.