ICO examining ‘serious cybersecurity incident’ at FCDO

Written by Sam Trendall on 9 February 2022 in News

Department discloses that it was the target of an attack

Credit: FCDO/CC BY 2.0

The Information Commissioner’s Office has indicated that is “making enquiries” into a “serious cybersecurity incident” in which the Foreign, Commonwealth and Development Office was targeted.

Newly published procurement information reveals that the FCDO signed a contract with BAE Systems on 12 January; the deal covered the “provision of urgent business support” in light of the incident.

The contract-award notice indicates that the defence specialist was paid £467,325 to provide “technical architect support to analyse an authority cybersecurity incident”.

Further “deliverables cannot be disclosed… due to the nature of the incident”, according to the notice.

The deal was awarded, without any prior competition, to one of the department’s existing suppliers as it was a matter of “extreme urgency brought about by unforeseeable events”.

Related content

“The authority (the FCDO) was the target of a serious cybersecurity incident, details of which cannot be disclosed,” the notice added. “In response to this incident, urgent support was required to support remediation and investigation. The awarded supplier is the authority’s long-term incumbent service management integrator and, as such, had resources on site with significant knowledge and understanding of the authority’s infrastructure. Due to the urgency and criticality of the work, the authority was unable comply with the time limits for the open or restricted procedures or competitive procedures with negotiation.”

PublicTechnology asked the FCDO whether any data may have been breached as a result of the incident, and whether the ICO – the UK’s data-protection regulator – had been informed.

The department did not directly answer either question, but a spokesperson said: “We do not comment on security but have systems in place to detect and defend against potential cyber incidents.”

A report from the BBC claimed that unknown hackers were understood to have gained access to FCDO systems, but were detected without breaching any secret or sensitive data.

When news of the incident was first reported by The Stack, the tech publication said that the ICO had indicated it had received no contact from the department about the cyber incident.

However, in a statement issued today to PublicTechnology, a spokesperson for the regulator said: “The Foreign and Commonwealth Development Office has made us aware of an incident and we are making enquiries.”


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@dodsgroup.com

Share this page




Please login to post a comment or register for a free account.

Related Articles

Interview: CDDO chief Lee Devlin on the ‘move from being disruptive to collaborative’
23 May 2023

In the first of a series of exclusive interviews, the head of government’s ‘Digital HQ’ talks to PublicTechnology about the Central Digital and Data Office’s work to unlock £8bn...

Government urged to update product safety standards for internet age
15 May 2023

Parliamentary committee laments pace of progress so far in changing rules

Whitehall shared-services implementation requires funding and focus, MPs warn
9 May 2023

Public Accounts Committee warns that lack of support could imperil delivery

HMRC launches £140m procurement to support comms digitisation
26 April 2023

Five-year contract will cover all incoming and outgoing messages and ambition to operate in ‘similar ways to leading private sector companies’

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...