Scotlands People or how to protect online information

[Guy Etchells]

The vulnerability of online records was yet again displayed last week when Scotland’s People was brought to its knees by a virus.
It is hoped the archive will be open on Monday but this may still be in doubt.

Whilst it is amazing that a national database can be brought to its knees by a virus attack this points to a rather more important point that the loss of online records also affected research in the archive itself due to reliance on online records.

The National Records of Scotland posted this message

“Technical problems mean our ScotlandsPeople search rooms will be closed until further notice, and we are offering a reduced service in our other search rooms. Please call 0131 535 1334 to check what is available before travelling to us. We are currently working to resolve the problem so please check this website for further updates. We apologise for the inconvenience. Please note that we are closed for the public holidays on Friday 25 and Monday 28 March.”

The latest update states
“Our Scotlands People search rooms will reopen from 9.00 am on Monday 4 April. We apologise for any inconvenience the closure may have caused and thank you for your patience. Please call 0131 314 4300 for any seat booking enquiries.”

However it is not certain that the problem has been fully rectified or if Scotlands People are falling back of alternatives.

Questions concerning security of databases need to be asked.
For instance:
Should the online records and the “reading room” records be accessed from the same database or should the online records be completely separate?
 Should large websites be spilt into smaller independent datasets each protected by their own firewall and antivirus software?
I would assume Scotlands People will be trying to discover how the virus entered the system, what additional protection could be put in place without slowing the access to information?

Cheers
Guy

[smudwhisk]

The ScotlandsPeople website run by FMPs parent company doesnt appear to have been affected, only the SP reading rooms computer system which suggests that the online services are on a different system. Chris Paton's blog from last Thursday has a statement from the NRS saying that the SP website itself wasn't affected.  Depending on who actually runs the Reading Rooms, its quite likely they are different systems that simply interact.  That would be the most logical way with a 3rd party company involved in just the website.

[Guy Etchells]

The ScotlandsPeople website run by FMPs parent company doesnt appear to have been affected, only the SP reading rooms computer system which suggests that the online services are on a different system. Chris Paton's blog from last Thursday has a statement from the NRS saying that the SP website itself wasn't affected.  Depending on who actually runs the Reading Rooms, its quite likely they are different systems that simply interact.  That would be the most logical way with a 3rd party company involved in just the website.

Yes quite so the FindMyPast hosted site was not affected and is not the subject of my post; but the reading rooms at the Scotlands People Centre on Princes Street and at other locations were affected showing that the SP internal network (intranet) was disrupted.

The security questions still stand.
How did the virus enter the system?
It was at first suggested this was a deliberate ransom attack rather than an accidental exposure.
http://www.rootschat.com/links/01hdx/

Why did the security fail?
Was this due to a staff error, or a file not being checked for viruses before being uploaded?
Could the virus be transferred to computers belonging to members of the public if they downloaded digital images from SP computers?

Cheers
Guy

[KGarrad]

The virus most probably entered the system via a USB memory stick? IMHO!
Or maybe someone on one of these PC's accessed a "dodgy" website, and inadvertently downloaded a virus?

So questions need to be asked about the anti-virus software used on the public computers at the reading rooms.

Is it up-to-date?
Or have budget cuts affected things?

[smudwhisk]

Guy, you mentioned online records and SP so the impression it gave, to me at least as I've never visited one of the reading rooms, was you were referring to the SP 3rd party hosted site.

KG yes USB device is a possibility, although I'm surprised that they aren't using some software, such as Citrix or for that matter any type of virtual desktop PC, to provide self-contained desktop sessions which would remove the chance of such an event happening since they have no connection to the main computer system. They can be configured to allow people to use USB devices but restricted so as not to be able to access anything but the resources viewable. Bit like the old style mainframe dumb terminals but look like a standard PC that appears to boot into windows but is just connecting to a remote session on the server.