You asked
I would like to know how many attempts - successful or non-successful - minor cyber attacks have been carried out on departmental computers over the past three years: 2013, 2014 and 2015.
I want to know about the following types of attacks:
- DDoS (Direct Denial of Service)
- Adware
- Phishing
- Tampering
- Spoofing
- Bluejacking
- Password attacks
We said
We consider the knowledge of attempts - successful or non-successful cyber attacks, would reveal the level of IT protection employed and therefore aid anyone wishing to launch a viral attack on departmental IT systems. As such we believe the information requested is exempted under S31(1)(a) - the prevention or detection of crime. To use this exemption we are required to consider the public interest test, and whilst we note there are public interest arguments in favour of transparency and disclosure we have decided that these are outweighed by other public interest factors that are in favour of non-disclosure. Principally we consider that release of the information requested would prejudice our ability to maintain and run a secure and safe IT network. This is an essential function for all government departments and is particularly important for ONS which processes personal and economic information on its systems.