On 24 December 2020, we were subject to a serious and complex cyber-attack, displaying significant stealth and malicious sophistication, which significantly impacted our organisation, our staff, our public and private partners, and the communities who rely on our services.
Since the attack, we have worked with Scottish Government, Police Scotland, the National Cyber Security Centre (NCSC) and the Scottish Business Resilience Centre (SBRC), to a clear recovery strategy.
We voluntarily commissioned reviews from independent experts to help:
We are publishing as much as we can of the reviews so that as many organisations as possible can use our experience to better protect themselves from cyber-crime and have committed to supporting Police Scotland and Scottish Business Resilience Centre in their work on highlighting the support available to organisations to be cyber ready, resilient and responsive.
Throughout our response and recovery activities, we published a weekly service status, detailing progress on our affected systems and services. We'll continue to update our service status on a weekly basis so that we’re clear on what those we work with can expect and how we'll prioritise progress.
Our current service status information.
SEPA committed to supporting regulated businesses during EU exit and COVID-19 and our response to the cyber-attack whilst maintaining protection for Scotland’s environment, communities and our people by publishing information on our regulatory approach website. As organisations re-open, we have now withdrawn this website and the temporary regulatory position statements (TRPS) it included.
You can find current information on the following regulatory positions on our website:
If you require to view a withdrawn TRPS, please contact us.
Cyber security advice: