Thimbles & Care

Time to examine the anatomy of the British Library ransomware nightmare.

The Rhysida ransomware attack on the British Library last October didn’t have the visceral physical aspect that creates a folk memory, but it should for anyone who makes enterprise IT. Five months on, not only are significant systems not restored, they’ve gone forever. Remedial work and rebuilding is going to drain cash reserves intended to last seven years. It was and is bad. What makes it even more exceptional is that we now know what happened and why.

The gories are all in a substantial, detailed report released by the British Library itself. It’s a must-read if your life involves any risk of a 2am phone call demanding you drive to the datacenter, even more so if it’s the CEO pulling up the Teams meeting in ten minutes. Truth is, it’s worth much more than a read, once you realize what the report represents. To get there, let’s look at what the institution actually represents.

…

If you have any years on you in this game, you will have first-hand experience of some of the factors identified in the report as enabling the disaster. Legacy systems too old to be safe, too expensive in time and money to replace, while more pressing needs exist. People who are asked to do too much with too little. The deadly inertia of complexity. New projects that leave older systems to wither in the shade. Security that rigorously defends against the wrong thing. The report is, as befits the institution itself, a comprehensive catalogue of important stories.

I don’t pretend to have any skill at budgeting, but I fear that too often asking “how much will it cost to do this?” is not balanced with asking “how much might it cost if we don’t do this?”