Freedom of Information request - Malicious email volume
Request ID: FOI-1863-2122
Date published: 02 December 2021
You asked
Dear Crossrail Limited,
Please find below my FOI request regarding malicious emails sent to the department.
The date range for the requests is from 2018 to present day. The data shall include a breakdown by year and by individual departments (e.g. separate departments, agencies, or public bodies within the main government agency), if applicable.
1. How many malicious emails have been successfully blocked?
2. What percentage of malicious emails were opened by staff?
3. What percentage of malicious links in the emails were clicked on by staff?
4. How many ransomware attacks were blocked by the department?
5. How many ransomware attacks were successful?
We answered
TfL Ref: 1863-2122
Thank you for your request received by us on 11 November 2021 asking for information about malicious emails sent to Transport for London (TfL).
Your request has been considered in accordance with the requirements of the Freedom of Information (FOI) Act and our information access policy. I can confirm that we hold the information you require. You asked for:
malicious emails sent to the department
The date range for the requests is from 2018 to present day. The data shall include a breakdown by year and by individual departments (e.g. separate departments, agencies, or public bodies within the main government agency), if applicable.
1. How many malicious emails have been successfully blocked?
2. What percentage of malicious emails were opened by staff?
3. What percentage of malicious links in the emails were clicked on by staff?
4. How many ransomware attacks were blocked by the department?
5. How many ransomware attacks were successful?
However, in accordance with the FOI Act we are not obliged to supply this information as it is subject to a statutory exemption to the right of access to information under section 24 (National security) and section 31(1) (Prevention and detection of crime).
In this instance the exemptions apply as disclosure of the information you have requested would describe the success or failure of attempts by persons unknown to unlawfully access or disrupt our information networks, which are critical to the operation of London’s transport system. The London transport system is a critical piece of national infrastructure and as such we employ rigorous safeguards to protect it from cyber attack. Like other organisations we are subject to regular attempted cyber attacks. These attacks are unlawful under the Computer Misuse Act, and whilst the motive is not always apparent, we are aware of the risk to critical national infrastructure that may result from a successful attack.
Furthermore, release of information under the Freedom of Information Act is a release to the public both at home and abroad. Therefore TfL must consider how any potential recipient of the information might use it, rather than make assumptions about the intentions of the individual making the request.
Information regarding deployed cyber security controls and control effectiveness could be exploited by a malicious threat actor seeking to do harm to TfL, to our network and/or our passengers. This knowledge could be used to mount an attack at a later date.
We consider that releasing the information you have asked for regarding our cyber security controls and capabilities would be likely to prejudice our efforts to prevent and detect future attacks and undermine our ability to safeguard TfL’s information systems. MI5 (Security Services) has stated that: ‘Cyber espionage presents a real risk to the economic well-being of the UK. It poses a direct threat to UK national security’: https://www.mi5.gov.uk/cyber.
Millions of journeys are made each day across TfL’s network and an attack directed at the running of the network may cause harm to national security by disrupting the operation of London’s transport network, with consequent economic loss.
We consider that releasing information about any type of attacks that may have been reported would be likely to prejudice our efforts to prevent and detect future attacks and undermine our ability to safeguard the London transport network.
The use of these exemptions is subject to an assessment of the public interest in relation to the disclosure of the information concerned. We recognise that there is significant public interest in understanding the level and nature of attacks recorded by Transport for London. However, we consider that there is a stronger public interest in protecting national security, which would be undermined by the disclosure of the requested information.
If this is not the information you are looking for, or if you are unable to access it for any reason, please do not hesitate to contact me.
Please see the attached information sheet for details of your right to appeal as well as information on copyright and what to do if you would like to re-use any of the information we have disclosed.
Yours sincerely
Jasmine Howard
FOI Case Officer
FOI Case Management Team
General Counsel
Transport for London