- Has your organisation completed all of the government’s ’10 steps to cyber security’?
o Yes
o No
The Trust does hold this information. However we are holding it under section 31 (1) of the Freedom of Information Act 2000:
Information … is exempt information if its disclosure under this Act would, or would be likely to, prejudice –
(a) the prevention or detection of crime,
Section 31 is a prejudice based exemption and is subject to the public interest test. This means that before the information can be withheld, the public interest in preventing that prejudice must outweigh the public interest in disclosure. The Trust has considered the public interest test. The public interest in ensuring the safety and security of Trust systems is greater than the public interest in providing this information.
- Have you suffered Distributed Denial of Service (DDoS) cyber attacks on your network in the last year?
o Yes
o No – NO DDoS attacks have affected our services
- If so, how many DDoS attacks did you experience during 2016? n/a
- Attacks occur weekly or even daily
- Attacks occur monthly
- Less than a handful of attacks during the entire year
- Has your organisation ever been the victim of a DDoS attack which was used in combination with another type of cyber attack, such as a demand for ransom/ransomware, network infiltration or data theft?
o Yes- In December 2014 a number of websites hosted by a third party of behalf of the Trust were compromised, no data at risk but the html code in the landing page was edited and replaced with a political statement
o No
- How does your IT team detect that your organisation has suffered a DDoS attack? Any of the issues below could be symptomatic of a DDoS attack. In the above example the change to the landing page of the website identified that a compromise had taken place, however this was a compromise to the third party network not ours.
o End-users complain of a service issue
o High bandwidth spikes with other network security tools
o Infrastructure outages/failures, (e.g. firewalls went down)
o Application failures, eg. Websites going down
- Does your method of DDoS mitigation detect sub-saturating DDoS attacks of less than 30 minutes in duration, which do not typically overwhelm the network?
There is significant public interest in not providing information as this may expose the Trust to cyber attacks, therefore the response to this question is withheld under Section 31 (3) as the disclosure could prejudice the prevention or detection of (cyber) crime.
o Yes
o No
As above, the Trust does hold this information. However we are holding it under section 31 (1) of the Freedom of Information Act 2000:
Information … is exempt information if its disclosure under this Act would, or would be likely to, prejudice –
(a) the prevention or detection of crime,
Section 31 is a prejudice based exemption and is subject to the public interest test. This means that before the information can be withheld, the public interest in preventing that prejudice must outweigh the public interest in disclosure. The Trust has considered the public interest test. The public interest in ensuring the safety and security of Trust systems is greater than the public interest in providing this information.