Council doesn’t expect systems to be fully operational until the summer after cyber attack

Share this article

A West London council has issued a detailed update on which services have been impacted by a recent cyber attack and what it means for residents.

Kensington and Chelsea Council said it’s still recovering from November’s hack and won’t have systems up and running as usual until the summer, according to an update report. It also details which services were affected and why residents may have struggled to contact the council in the immediate aftermath of the attack.

The report also calls for the establishment of a “general delegation” to manage the council’s response. This group will be beholden to the Chief Executive, Maxine Holdsworth, and report into Cabinet.

The report, titled ‘Cyber-attack – incident summary and recovery plans’, will be discussed during a Cabinet meeting on Tuesday (January 13).

How were services and residents impacted?

The council used savvy workarounds and deployed additional staff to keep basic services running. This included keeping the contact centre operation open seven days a week until the Christmas break.

Despite this, residents still faced slower response times, increased repeat contacts while the risk of missed interventions were higher. The council previously announced some personal data had been “copied and taken away”.

In the first week, all calls to the council were rerouted to its out-of-hours contractor because staff did not have access to the call handling software.

This saw walk-in numbers at the customer service centre increase as residents attended in person for queries normally handled by phone. According to the report, contact centre staff can now take calls on council systems.

A list of affected services

Adult and children’s social care teams have been operating with restricted access to case management systems, hampering attempts to keep records up to date. This has resulted in staff relying on partial or cached data to carry out assessments, reviews and safeguarding decisions.

It also means there is a backlog of work which was recorded outside the IT system which will now need inputting retrospectively.

The council said housing repairs and homelessness teams experienced a drop in calls, suggesting some residents may have been unable to report issues or have deferred contact. Backup systems are in place, and, according to the report, the Regulator of Social Housing is aware of the issue and feels safety and compliance issues are being dealt with “appropriately”.

Collecting and disbursing money is still a problem. The council relies on third party systems hosted on council servers, which were badly impacted by the hack. The council said it will need to rebuild its IT infrastructure.

The processing of the Housing Benefit and Council Tax Support has been delayed, affecting financially vulnerable residents. Council tax collection and other income streams have also been affected, prompting concerns about the council’s cash flow and year-end positions.

According to a separate council report also going before the Cabinet, officers have limited or no access to a provider’s revenues and benefits system. There has also been a suspension of routine data sharing with the Department for Work and Pensions.

There are limited emergency payments being made to foster carers, adult social care clients and recipients of Grenfell services.

Meanwhile, the council missed the December 1 statutory deadline for publishing a revised electoral register. This is being prioritised given local elections are in May. There is a backlog of registration applications and the council is concerned about its ability to process postal votes.

Planning and licensing applications cannot be processed normally and conveyancing searches are frozen, causing problems for people trying to sell a property in the borough. The council said restoring this system is a high priority.

New invoices and routine payment cycles for suppliers and staff remain “constrained” until core financial systems are fully operational. The December payroll was successful and the council has paid £5m in invoices in the system before the hack took place.

Recruitment and onboarding processes have been disrupted, making it difficult to fill vacancies and bring in more capacity. The attack has impacted DBS checks, contract processing and system access provisioning. The council is putting greater reliance on external partners to carry out some of these tasks.

What is the council doing now and when will things get back to normal?

According to the update report, the council is in a period of “containment, stabilisation, digital workaround and attestation”, which will last until mid January.

From mid January until the summer, the council will try reopening its systems “based on risk assessment and business need”. This is when prioritised systems aim to be rebooted and back online. The council will also install new technical infrastructure. In the summer, all systems are expected to be operational.

The Cabinet is being asked to approve a general delegation to take decisions necessary to help the council’s recovery programme. The Leader of the Council, Elizabeth Campbell, the relevant Cabinet Member and the Section 151 officer – essentially the chief financial officer – will also be consulted prior to any decision being made.

The delegation will be able to procure and commission external specialists, deploy additional internal resources and temporary staff and decide which systems to prioritise restoring.

According to the report, the delegation is needed for the council to “respond effectively to emerging requirements and mobilise resources quickly, while maintaining appropriate oversight and governance”.

Leader of Kensington and Chelsea Council, councillor Elizabeth Campbell, said disruption may rumble on ‘for months’.

Without it, each individual decision would require separate formal approval, creating delays and significantly hampering the council’s ability to recover and protect residents. The delegation is subject to financial and procurement protocols and will regularly report into the leadership team.

This month, emergency command arrangements – put in place immediately after the attack – will transition into recovery mode and a Cyber Recovery Board will be established. This will be chaired by the Chief Executive or another senior officer and report into the leadership team. It will provide reports to the Audit and Transparency Committee.

The council is also in constant contact with other impacted local authorities, which are Westminster City Council and Hammersmith and Fulham Council.

How much will this cost the council?

The council said recovery needs to be “value for money, quick and efficient” and will require resources and external partners. Officers are currently looking at cyber recovery packages from a number of organisations.

The council said the full financial cost of the cyber attack isn’t yet known and will depend on the duration of disruption, the scope of a system rebuild being required and the extent of data breaches. Any costs are set to come from existing budgets.

Despite this, the separate council report previously mentioned in this article shows a potential £700,000 “underachievement of savings” due to the attack. The Budget Setting and Medium-Term Financial Planning document says the costs will be “one-off in nature” but significant and will be funded from existing reserve balances.

DON’T MISS A THING

Get the latest news for South London direct to your inbox once a week.

We don’t spam! Read our privacy policy for more info.

Share this article

Related Posts