28 May 2024
Restoring our services – 28 May 2024 update
Readers of this blog will be aware that in March we published a detailed paper on the cyber-attack that the Library suffered in late October last year. The report’s primary purpose was to share lessons from our experience, so that other organisations can be better protected from similar attacks in the future.
But it also laid bare, as candidly as we could, the scale and destructive impact of the attack. The damage we experienced was substantial and will be complex and challenging to repair. Although we are confident that our data, digital holdings and digitised collections are safe and intact – either through back-ups or because they were not targeted in the attack – many of our legacy IT systems were encrypted, damaged or deleted.
The sheer complexity of rebuilding these systems (or workable versions of them) has meant that for the researchers who depend on our resources the months since the attack have been deeply unsettling and frustrating – not least because of the inevitable uncertainties over the exact timetable for restoration of different Library services.
With that in mind, I thought it would be useful to provide an update on the service improvements users can expect to see over the next few months, as well as some context on the process that lies behind the work of recovery.
Access to more collection items held in Boston Spa – July
Work is currently underway to restore access to the collections held in our large automated storage facilities at Boston Spa, which will result in the vast majority of our collection becoming available to users once again. The work to restore access to the items held in the Additional Storage Building is advancing well, and this collection – comprising some 262 linear kilometres of books and other items – should become available again for use by Readers in both St Pancras and Boston Spa by the end of July.
The work to restore access to materials held in the National Newspaper Building is more complex and is likely to take longer. In the meantime, however, users can find a wide range of newspaper titles available in microform in the Newsroom at St Pancras.
Digital collections acquired through Non-Print Legal Deposit (NPLD) – August
Another of our priorities is to restore onsite access to digital collections that we have acquired through Non-Print Legal Deposit (NPLD), including e-journals and e-publications. Our loss of access to these collections has also affected the other Legal Deposit Libraries (the National Library of Wales, the National Library of Scotland, the Bodleian Libraries, Cambridge University Library and Trinity College Dublin) as their access systems depended upon our own, which has been offline since the cyber-attack.
We have been working with our Legal Deposit Library partners to restore access to NPLD materials that were deposited prior to the cyber-attack (October 2023) and we now expect this to be available, in some form, by August. We are continuing to explore different options for collecting and storing items deposited after October 2023, and will share more details about these arrangements as they are confirmed.
Learning websites and digitised manuscripts – September
For the Library’s global community of users on the web, the absence of our online and digitised resources has been keenly felt. Two early priorities for restoration are the web pages providing access to the Library’s unique collection of digitised manuscripts, and our popular Learning resources, including Discovering Literature. Work is under way on both of these, with the aim of getting them online again by September, in time for the start of the new academic year.
The complex work of recovery
Understandably, some users have asked why it was not possible for services such as these to be simply ‘switched back on’ following the attack.
The answer is that it’s because of the particularly destructive nature of this attack: all of these service restorations, and those to come further down the line, are dependent on the successful installation of a completely new computing infrastructure for the entire Library, to replace the servers destroyed by the attackers – a major operation which began soon after the attack and will complete next month.
Once that is in place, the reloading of all the Library’s data can finally begin – a painstaking process which involves the sampling and checking of each dataset to ensure that no malware has been left by the attackers that could be reactivated once a file or drive is accessed. We are as eager as all our users to see these vital resources returned to use, but I hope you’ll understand that we must take a ‘safety first’ approach to the process of restoration.
Please do keep an eye on this blog for future updates as the Library’s journey of recovery continues. For now, I would like to thank you once again for your patience and understanding as we recover from this dreadful attack, and to bear with us as we restore more and more of our physical and online resources over the course of the next few months.
Sir Roly Keating
Chief Executive