Knowledge Matters blog

Behind the scenes at the British Library

Introduction

Experts and directors at the British Library blog about strategy, key projects and future plans.

08 March 2024

Learning lessons from the cyber-attack

British Library, St Pancras
Photo: Tony Antoniou

Today, we’ve published a paper about the cyber-attack that took place against the British Library last October. Our hope is that doing this will help other organisations to plan and protect themselves against attacks of this kind.

The threat of aggressive and disruptive cyber-attacks is higher than it has ever been, and the organisations behind these attacks are increasingly advanced in their techniques and ruthless in their willingness to destroy whole technical systems.

This is of especial importance for libraries and all those institutions who share our mission to collect and make accessible knowledge and culture in digital form, and preserve it for posterity. Though the motive of the attack on the British Library appears to have been purely monetary, it functioned as, effectively, an attack on access to knowledge.

The paper is informed by our expert advisers and specialists, but is our own account, updated and adapted from our internal investigations into the incident. It gives a description and timeline of the attack, to the best of our current understanding, and its implications for the Library’s operations, future infrastructure and risk assessment. Its goal is to share our understanding of what happened and to help others learn from our experience, with a section (‘Learning lessons from the attack’, pages 17-18) drawing out 16 key lessons. You can download and read it here.

We hope it will also help our users and partners understand why the disruption generated by the attack has had such an impact on our services, and why it is taking time for us to recover fully. Of course, every cyber-attack is different, and the best source of advice and guidance for individuals and organisations looking to protect themselves is the website of the National Cyber Security Centre (NCSC). We will continue to share updates on restoring our services on this blog and via our website.

We remain conscious at all times of security, and have sought to avoid providing information that could in any way aid future attacks, or inhibit the law enforcement agencies in their task of tracking down the perpetrators. The paper does not go into detail about costs, as the net financial impact of the attack is still under review, nor have we gone into detail about the organisation behind the attack, Rhysida, as this information is better available from other sources such as the specialist technology press.

Wherever possible, though, we have tried to err on the side of openness, and not everything here makes comfortable reading for ourselves as an organisation. We have significant lessons to learn about matters such as our historic reliance on a complex legacy infrastructure, which has affected our ability to restore services as quickly as we would have wished, and the varying effectiveness of different security measures across our digital estate.

We are also conscious of our duty as data controllers and deeply regret the loss of control of some personal data, for which we apologise wholeheartedly to everyone affected. We have co-operated with the Information Commissioner’s Office since the start of the incident, and will abide by the findings of any report they may publish in due course.

Whatever your perspective – whether you are a member of the public, a British Library user or staff member affected by the attack, a peer institution in the library or cultural sector, or indeed any other kind of organisation concerned about these issues – we hope you find this report useful. If the outcome is increased resilience and protection against attack for the UK collections sector and others, then at least one good thing will have emerged from this deeply damaging criminal attack.

Sir Roly Keating
Chief Executive

05 March 2024

Helping your research

Angel with monk.
Shelfmark: Yates Thompson MS 26 f039r

While our services are starting to recover from October’s cyber-attack, we’re continuing to highlight ways you can access our collection and expertise, and alternatives you may not be aware of.

Recent improvements

You can now order up to six collection items in our Reading Rooms, up from the previous limit of four. Our manuscripts limit remains at four as usual. You will need to come into the Reading Rooms to order items, and you can watch this film about how to access our collection at the moment:

How to use our online catalogue from British Library on Vimeo.

Online resources

Whether you’re looking for journals, researching your family tree or on the hunt for inspiration, you can find our collection and useful resources across multiple websites, including:

You can find more recommended resources on our website, and we’re adding more all the time.

Alternate ways to access our collection

Our curators have compiled suggestions for alternative ways to work while some of our collection is unavailable. Find out how to access:

Ask us for help

Our Reference team are here to help, whether you have a Reader Pass or not. If you need advice navigating our collection at the moment or aren’t sure how to get started, email [email protected] and we’ll get back to you as soon as we can.

22 February 2024

Restoring our services – 22 February 2024 update

Researchers at the British Library (Image: Mike O'Dwyer)

As regular users of the Library will know, our teams have been working since the cyber-attack to find ways to restore access to as much of our collection as possible, while ensuring that we do so in a way that is safe and resilient. I am incredibly grateful to all of our users, on-site and remote, for the patience you have continued to show during this highly disrupted period for the Library.

Our recovery plan is now advancing, and I thought it would be helpful to share an indicative list of the improvements and restorations of service you’re likely to see between now and the middle of the year, by which time we hope to have restored the majority of our key services, even if the method of delivery may be unfamiliar in some cases.

Further improvements between now and Easter

  • Increased ordering limits in our Reading Rooms
  • Enhanced Reader Registration process
  • Increased access to material stored in Boston Spa

Following on from the restoration last month of our main catalogue and increased access to special collections, this month we have raised the ordering limits in our Reading Rooms so that you can now order up to six collection items per day.

In March we intend to introduce an enhanced Reader Registration process to replace the current, paper-based workaround. This new process will be more secure and will enable access to Library content for new Readers who are currently only able to use the Reading Rooms as study spaces. This improvement will remedy what I know has been a major source of frustration to new Readers wishing to access our collection.

Also in March, we plan to restore access to material that is held at our Boston Spa site in non-automated storage locations, from where items can be retrieved manually. This will make some 224 linear kilometres of additional content available for the first time since the attack to users at St Pancras as well as at Boston Spa itself.

Looking further ahead – April to July

  • Access to more collection items stored in Boston Spa
  • Digital collections that we have acquired through non-print legal deposit (NPLD)
  • More digital and digitised content

In the period between April and July we expect to restore access to the remainder of our collections held at Boston Spa, including items held in the automated storage facilities which were affected by the attack: the National Newspaper Building and our Additional Storage Building.

Another priority will be the restoration of on-site access to the digital collections that we have acquired through non-print legal deposit (NPLD), including e-books, e-journals and other digital published content. Lack of access to this collection has had an impact on the other legal deposit libraries (the National Libraries of Wales and Scotland, the Bodleian Libraries, Cambridge University Library and Trinity College Dublin) and the researchers that rely on them, and we are working closely with these partners to enable access to this content, in some form, by the middle of the year.

Like our physical holdings, this is a collection that continues to grow, year on year, and so we will aim to have a means to capture and store new NPLD content within a similar timescale. We expect that it will take longer to restore access to the UK Web Archive because of the scale and complexity of this collection, and we will provide further details on our plans for this as soon as we can.

Between April and July we will also be aiming to restore access to a wide range of other digital and digitised content, which are vital resources for researchers and learners across the UK and around the world.

As our recovery programme progresses we will be able to confirm more detailed dates and milestones, which we will share with you as and when they are scheduled. As I mentioned in my previous blog post, please make sure to check with our Reference Services team that the items you seek are available before making travel arrangements. You can do this by emailing [email protected]. You can also contact the Reference Services team to book one-to-one appointments online or in person, and to answer your questions and help find the information you need. 

PLR statements and payments

Irish Public Lending Right (PLR) statements were issued at the end of January, and we now expect to make payments to authors and others who receive Irish PLR next week, in line with the timetable we shared last month. UK PLR statements are due to be issued shortly and payments to UK authors and illustrators are on track to be made by the statutory deadline at the end of March.

Lessons learned and shared

I’ve mentioned previously that we are learning and noting many lessons from our experiences during the cyber-attack, as well as the challenges of recovering fully and restoring much-needed services in the aftermath. We will look to share these in the near future with everyone, including colleagues across the sector, in government and internationally.

Although the journey is a long and complex one, we are doing everything that we can to return to as full a service as possible, as soon as we safely can.

Once again I want to apologise for all the disruption that has resulted from the cyber-attack. With our recovery programme now well underway, we will have further progress to report on a regular basis in the coming months.

Sir Roly Keating

Chief Executive