Rob Greig
Rob Greig, Director of the Parliamentary Digital ServiceUK Parliament

"It will happen again," Rob Greig warned, just weeks after his 10-strong cybersecurity team thwarted the biggest ever attack on the UK's House of Commons and Lords.

The director of the Parliamentary Digital Service, speaking to IBTimes UK about the email breach incident in June, also revealed that a total of 200,000 attempts were made by the hacker(s).

But thanks to the fast-thinking of his team, with assistance from GCHQ's new National Cyber Security Centre (NCSC), fewer than 1% of parliamentary emails (under 90 accounts) were compromised.

The NCSC are working with the National Crime Agency (NCA), the nearest thing the UK has to the FBI, to investigate the attack, which came three months after a knife-wielding terrorist launched an assault on the Palace of Westminster in March and a month after the WannaCry ransomware attack on the NHS in May.

Some of the details about the investigation are, understandably, operationally sensitive. But Greig, who is conducting his own review of the incident, was able to divulge some new information about the attack.

His team, for instance, have discovered that the hacker(s) began probing the parliamentary IT systems on 5 June in a bid to gather crucial information on what security protocols were in place.

"They specifically hit our user accounts at a rate which meant that it wouldn't trigger our protective monitoring alerts and wouldn't trigger our accounts to locked out," Greig said. "Script kiddies don't do that, they just hit you with everything they can in every backdoor that they can try."

Automated tools were used during the attack, but the parliamentary cybersecurity team noticed the hacker(s) changed vectors when some accounts were locked in response to the assault.

"They suddenly realised that we knew," Greig said. "At that point, [on Friday 23 June], they hit us with everything that they could.

"There were 200,000 attempts [to breach], it was really noisy – anyone with any kind of cybersecurity monitoring would have spotted that."

So who was behind the massive cyber assault? "It would be naive to suggest that it was an amateur," Greig said. "All I can say is this was a reasonably well resourced attempt and they were reasonably patient in terms of their attack."

The motivation behind the attack also remains a mystery, at least for the time being. Greig, who joined parliament from the Royal Opera House more than two years ago, also said the outcome of the attack would have had a much more alarming conclusion a year ago.

"We wouldn't have been able to stop it and it's likely we wouldn't have even known that it had happened," he said. "Everyone would have been compromised."

However, Greig, a keen gamer (real-time strategy PC classic Company of Heroes is favourite of his), was able to oversee a considerable upgrade to parliament's cybersecurity systems.

"When I came here, just like every public sector organisation, it was challenged by its investment and what it could invest in and there were a number of cybersecurity risks that needed addressing," he said.

"We were in a position where we were looking at a significant risk [and] this organisation took it very seriously."

But how have MPs and peers, just some of the 9,000 users of the network, coped with the changes? "In general, the members have been absolutely brilliant," Greig said, adding that some "senior politicians" had written to him to thank him for stopping the cyberattack.