Request
A
How many (if any) cyber-attacks have there been on States of Jersey departments since 1 January 2013.
B
For each separate attack, please provide
i) The type of attack
ii) The target department of attack
C
Please provide a copy of any policies you have in relation to cyber-attacks.
By “cyber-attack” I mean any unauthorised access to or deliberate disruption of a computer system or device owned or used by the States of Jersey.
Response
A and B
Due to the sensitivity of this type of incident, the information requested in questions A and B is exempt under Article 42 of the Freedom of Information (Jersey) Law 2011.
C
There are no specific policies for cyber-attacks; we have policies covering other areas of security as part of the Security Policy Framework for the States of Jersey, which is available through the following link:
States of Jersey Security Policy Framework
Exemption applied
Article 42 Law enforcement
Information is qualified exempt information if its disclosure would, or would be likely to, prejudice;
(a) the prevention, detection or investigation of crime, whether in Jersey or elsewhere;
(b) the apprehension or prosecution of offenders, whether in respect of offences committed in Jersey or elsewhere;
(c) the administration of justice, whether in Jersey or elsewhere;
(d) the assessment or collection of a tax or duty or of an imposition of a similar nature;
(e) the operation of immigration controls, whether in Jersey or elsewhere;
(f) the maintenance of security and good order in prisons or in other institutions where persons are lawfully detained;
(g) the proper supervision or regulation of financial services; or
(h) the exercise, by the Jersey Financial Services Commission, of any function imposed on it by any enactment.
Prejudice test
To engage this exemption we have first conducted a prejudice test. The information requested could be prejudicial to the prevention of crime. In this instance it is likely that the disclosure of the information requested could result in an increased risk in e-crime.
Public interest test
Since the exemption which is engaged is a qualified, not an absolute, exemption we have conducted a public interest test to assess whether, in all the circumstances of the case, the public interest in supplying the information is outweighed by the public interest in not doing so. Whilst we accept that some members of the public may be interested in this subject, this interest is outweighed by the public good (the public interest) not to disclose the information as such disclosure could result in an increased risk of e-crime.
