§ Lord Harris of Haringey
asked Her Majesty's Government:
When the National Infrastructure Co-ordination Centre first became aware of the Sasser worm attack; and when it first issued an alert to systems that make up the United Kingdom Critical National Infrastructure; and [HL2709]
Given that Microsoft had made available on 12 April a patch that would have prevented the Sasser worm attack, what steps were taken by the National Infrastructure Co-ordination Centre to ensure that all systems that make up the United Kingdom Critical National Infrastructure had installed this patch; and [HL2710]
Whether Coastguard Service is regarded as part of the United Kingdom Critical National Infrastructure; and if so, what were the reasons for the service falling victim to the Sasser worm attack. [HL2711]
§ The Minister of State, Home Office (Baroness Scotland of Asthal)
On receipt of the bulletin from Microsoft, the National Infrastructure Security Coordination Centre (NISCC) issued a briefing to the Critical National Infrastructure (CNI) on 13 April at 19:15, giving details of the threat to systems posed by Sasser. This was followed by a further three alerts issued on 19, 23 and 30 April, warning of the potential of a worm and advising system owners to apply the patch that Microsoft had made available. Additional bulletins were issued on 1 and 3 May as the situation developed.78WA
NISCC has no regulatory authority and therefore can only inform system owners that patches are available and advise them that these patches should be applied.
The Coastguard Service is part of the Maritime and Coastguard Agency (MCA), which in turn is part of the Department for Transport, and forms part of the Critical National Infrastructure. The MCA is currently investigating the circumstances surrounding the infection.