Knowledge Matters blog

15 December 2023

Knowledge under attack

On the last weekend of October, the British Library became the victim of a major cyber-attack, the impact of which continues to be felt by our staff, our partners and our millions of users.

This was a ransomware attack, by a criminal group known for such activity, and its effects were deep and extensive. Our online systems and services were massively disrupted, our website went down, and we initially lost access to even basic communication tools such as email.

We took immediate action to isolate and protect our network but significant damage was already done: having breached our systems, the attackers had destroyed their route of entry and much else besides, encrypting or deleting parts of our IT estate. They also copied a significant chunk of our data, which they attempted to auction online; a month later, they released most of it onto their site on the dark web.

The Library itself remains a crime scene, with a forensic investigation of our disrupted network still ongoing. In parallel, our teams are examining and analysing the almost 600 gigabytes of leaked material that the attackers dumped online – difficult and complex work that is likely to take months.

Impact and response

The impact of the attack was felt in our Reading Rooms in London and Yorkshire, where collection items could no longer be retrieved, and one of our core responsibilities as the national library – free access to our collection – was put on hold. Essential digital services including our catalogue, our website and our online learning resources went dark, with research services like our popular EThOS collection of more than 600,000 doctoral theses suddenly unavailable.

We alerted our users to the scale of the disruption using our social media channels. Thankfully, we have been able to keep our physical sites open to the public throughout, and although services in the Reading Rooms remain severely limited, the public areas at our St Pancras building are as busy and lively as they have ever been with visits, events and personal study. Our exhibitions on the literature of Fantasy and the writer Malorie Blackman continue to attract the crowds, and in the very week of the cyber-attack we were able to successfully host a five-day fringe event on AI in our Knowledge Centre.

Most fundamentally, we have continued to care for our precious physical collection, and can confirm that the vast datasets held in our Digital Library System, including the digital legal deposit content that it is our statutory duty to collect and preserve, are intact and safe from harm.

Aftershocks

Although this kind of attack was something we had prepared for and rehearsed, and had taken steps to guard against, it was no less of a shock when it happened. It is our purpose to provide access to a collection of 170 million items – open to all and free at the point of use, for research, inspiration and enjoyment – and we found ourselves, that first weekend, at the receiving end of a smash-and-grab operation, and a crude attempt at extortion.

The people responsible for this cyber-attack stand against everything that libraries represent: openness, empowerment, and access to knowledge.

Our sense of outrage increased when the data the attackers stole was dumped onto the dark web. As soon as we were able to confirm it might include the data of Library users, we announced this publicly and emailed our users directly to alert them, and to encourage them to take sensible precautions to protect themselves.

We are continuing to collaborate with the Metropolitan Police and professional cyber security advisors to investigate the situation, and are receiving additional support from the National Cyber Security Centre (NCSC). Should we find evidence of specific data that has been compromised we will alert the people affected as soon as we can.

Reflections and rebuilding

Our experience of the past two months has highlighted a great paradox for knowledge institutions in the digital age. Our deep commitment to openness, access and discovery means that we fully embrace the amazing possibilities that technology enables; while as custodians of our collections we also face an ever-increasing challenge in keeping our digital heritage safe from attack.

Libraries, research and education institutions are being targeted, whether for monetary gain or out of sheer malice. Society more widely, and all of us as individuals, need to be alert to this fast-evolving threat. The NCSC provides excellent guidance on staying safe online, as well as specific guidance for individuals who may have been impacted by a data breach. For better or worse, everyone working at the Library now knows a lot more about the dangers of identity fraud than we did barely six weeks ago, and I would recommend to anyone the benefit of being both forewarned and forearmed.

Restoring access

Behind the scenes, teams across the Library have been working hard to develop hybrid services and workarounds that can restore some level of access to our collection, while a much broader programme of secure infrastructure rebuilding gets underway. We are as eager as our Readers to restore access to the collection, but we need to exercise exceptional care to ensure we do nothing to compound the risk of further attack.

From early in the new year you will begin to see a phased return of certain key services, starting with the most crucial of all, our main catalogue, a reference-only version of which will be back online from 15 January, further facilitating the manual ordering which is already available in our Reading Rooms. Other interim services will include increased on-site access to our manuscripts and special collections, and a bespoke inter-library loan capability designed to serve key sectors such as health, higher education and law. Each of these offerings will initially be somewhat different from our normal service, but together they will represent a crucial first stage on our road back to normality.

We know that the journey to full recovery will be a long one, but the weeks since the cyber-attack have demonstrated to me in abundance the expertise, energy and commitment to public service of our staff. This experience has also revealed the incredible understanding and generosity of our vast national and international community of users, supporters and partner institutions, who have patiently kept faith with us as we have navigated this unprecedented challenge. On behalf of all of us at the British Library – thank you.

Sir Roly Keating
Chief Executive
