Cyber Incident Victim: Scottish Environment Protection Agency
Date: Dec 2020
Location: United Kingdom
Summary
The Scottish Environment Protection Agency experienced a cyberattack that disrupted its contact center, internal systems, operational processes, and communications infrastructure. The agency activated business continuity protocols to maintain critical operations, including regulatory oversight, environmental monitoring, and flood forecasting and warning services, which continued functioning despite the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 24, 2020, the Scottish Environment Protection Agency (SEPA) publicly confirmed it had been targeted in a cyberattack. The incident disrupted the agency’s contact center operations, internal communications systems, and core organizational processes. SEPA’s immediate response involved activating pre-established business continuity protocols to maintain essential services despite the operational disruptions. Critical functions including environmental regulation, pollution monitoring, flood forecasting, and public warning systems continued operating through adapted procedures. The attack’s impact on internal systems hindered standard workflows and communication channels, though the agency did not specify whether data exfiltration or encryption occurred. No details regarding the attack vector, threat actor identity, or initial detection method were disclosed in the initial public statement. SEPA’s prioritization of regulatory and public safety services reflected the organization’s critical role in environmental protection and emergency response across Scotland.

The agency maintained service continuity through modified operational procedures while forensic investigations and recovery efforts progressed. Public communications emphasized the sustained functionality of flood warning systems during winter flooding season, a vital service given Scotland’s weather patterns. SEPA did not report observable degradation in environmental monitoring capabilities despite the cyber incident’s effect on administrative infrastructure. The contact center disruption likely impacted public and stakeholder interactions with the agency during the incident response period. No supplementary information regarding remediation timelines, data compromise, or threat actor motivations was provided in the initial disclosure. Business continuity measures remained active throughout the incident to uphold statutory obligations while technical teams addressed system compromises. The cyberattack represented a significant operational challenge but did not fully compromise SEPA’s ability to execute its environmental protection mandate during the disruption.
