The UK government will publish a plan for handling future cloud outages after last week's AWS failure knocked out several departments.
Ian Murray, minister for digital government and data, said that the AWS outage on October 20 affected a number of departments and suppliers, although all services were restored by the evening of that day.
"It will take some time to fully understand the scale of the impact. DSIT [the Department for Science, Innovation and Technology] will be gathering a full picture of the impact on government in the coming weeks," he wrote in a parliamentary written answer to Dame Chi Onwurah, Labour MP for Newcastle upon Tyne Central and West.
DSIT will then "set out a clear approach" for dealing with cybersecurity and resilience incidents in a government cyber action plan it will publish this winter, he added.
Errors in AWS's DNS services in Northern Virginia affected many public and private sector sites and apps in the UK and elsewhere, including those run by His Majesty's Revenue and Customs (HMRC). They also affected "smart" internet-connected devices including mattresses, light bulbs, and cat toilets.
In response to another parliamentary written question from Onwurah, who shadowed DSIT while Labour was in opposition, Murray said the government reckons that up to 60 percent of its digital estate is hosted on cloud platforms, mostly those run by AWS, Microsoft, and Google.
The government does not currently have data on how this is split between those suppliers, but DSIT is developing a cloud consumption dashboard "to provide government with greater visibility of cloud usage and costs across the public sector."
Central government departments hold 41 live contracts with AWS worth a total of £1.11 billion, according to data from public sector procurement specialist Tussell. This includes a deal with HMRC worth up to £350 million between December 2023 and November 2026, although it is topped in value by the Home Office's contract for the same three-year period, worth up to £450 million.
In response to a written question from Conservative MP Sir John Hayes on what measures HMRC has in place to keep running during internet failures, exchequer secretary Dan Tomlinson replied that most core systems would continue to operate. "Internal connectivity between HMRC sites and hosted services is maintained through private, dedicated links that do not depend on the public internet," he said.
"This ensures that critical processing and internal operations can continue without interruption."
He added that some services used by citizens rely on internet connectivity but that there are business continuity plans: "These include alternative communication channels, prioritisation of essential services, and manual fallback processes where appropriate, to minimise disruption and maintain service availability."
HMRC has for several years pushed taxpayers to use its online services, increasing its vulnerability to internet problems. In January, Parliament's Public Accounts Committee accused it of deliberately providing poor telephone services to this end, including cutting off nearly 44,000 people over 11 months who had been on hold for 70 minutes.
Committee chair Sir Geoffrey Clifton-Brown described HMRC as "excavating its way to new lows in service levels every year. Worse, it seems to be degrading its own services as a matter of policy."
HMRC denied it was doing this deliberately. ®
Source: The register