The British Library is still in the process of recovering from the cyber attack it suffered towards the end of last year, and has announced a new £400,000 tender looking for security contractors to help it rebuild its infrastructure.
In October 2023, the British Library fell victim to a devastating ransomware attack which forced the institution to abandon many of its IT systems and revert to a pre-digital state to continue operating.
In the latest tender for contractors, the library said it is seeking a partner to deliver the first phase of its Web Foundations project.
The key objectives of the project include replacing the current interim website that will improve the user experience; be more robust, scalable, sustainable, and secure; and allow for quick expansion of other content areas.
The announcement acknowledged that the library originally launched a digital transformation initiative, the Web Discovery project, in 2022, but its plans were set back by the October attack which left it without access to its website or many digital assets in its wider IT estate.
The library stated it is now looking for a partnership with an agency where it can “combine the skills and knowledge of our teams and the selected agency – and collaborate in a way that builds our teams’ skills and delivers phase 1 of the project.”
British Library already committed to freeing up 40% of cash reserves for recovery
The attack on the British Library was claimed by the Rhysida ransomware gang in November, with the group launching a week-long auction for the nearly 500,000 files of data it had exfiltrated during the operation.
On 27 November, the threat group made the vast majority of the stolen information, roughly 600GB, freely available on the dark web after the British Library refused to pay the ransom.
At the time, the library stated that the leaked data appeared to originate from its human resources files, and by January 2024 it announced that it would spend around 40% of its financial reserves, in the region of £6 – 7 million, to recover from the attack.
In a post-mortem analysis of the attack, published in March 2024, the institution admitted it had been forced to learn some hard lessons in wake of the attack.
The library identified a reliance on complex legacy IT infrastructure as a factor that significantly hindered its ability to react and recover from the attack. The report stated its “historically complex network topology” allowed the attackers wider access to the network than would have been possible in a more modern network design.
Core services return slowly as legacy systems hinder recovery
In the report, the British Library added that the legacy systems that exacerbated the recovery time will need to be migrated to new versions, substantially modified, or even rebuilt from the ground up, anticipating the Web Foundations Project .
On 30 July 2024, the library announced it was still dealing with the fallout from the attack, with core services like remote ordering, online resources, non-print legal deposit content, only just coming back online, almost a year after the initial incident.
Sir Roly Keating, chief executive of the British Library stated the lengthy recovery period is a direct measure of the disruption cyber attacks like this can cause.
“[T]he time it is taking us to bring our services back is an exact measure of the destructiveness of the original attack, which targeted our core computing infrastructure”.
Keating added that as well as rebuilding the affected systems, already a time-consuming process, the organization has also been continually scanning its vast array of datasets to ensure no malware or viruses had persisted on the network following the intrusion.