The SEPE begins to recover two weeks later: how the cyberattack has affected and what delays in benefits are expected
Two weeks have passed since cyber attack on SEPE. An attack that has paralyzed employment services through the web and offices and has blocked multiple efforts for citizens. Internally, the cyberattack has exposed the deficiencies of the SEPE IT system and, according to sources internal to the body, It is “impossible” to recover the lost rhythm on time for the next payroll payment that closes at the end of March.
More optimistic is the Minister of Labor, Yolanda Díaz, who has assured during the Labor Commission of the Congress of Deputies that “no citizen is going to be late in his payment.” As the minister has announced, the SEPE is already in “full operation” and “critical services have been recovered.” However, the truth is that after two weeks there are still procedures that are not possible to carry out in the SEPE.
This is the current situation of the State Public Employment Service, what is known about the causes of the cyberattack and how it may end up affecting the beneficiaries of the benefits.
What procedures are available and what still does not work in the SEPE
Since the beginning of this week, the SEPE has expanded the services available through the electronic headquarters. In the previous days, the ERTE collective request services, the previous appointment, the communication of periods of activity and the sending of company certificates were available. Currently, it is also reported that the obtaining of certificates, the modification of bank details, the extension of subsidies and the application for benefits can be processed.
For more than two weeks, unemployment protection services had not worked through the SEPE website. According to the warning message that appears on the job portal website, work is still going on with the aim of restoring priority services and there are Procedures such as the verification of documents or the consultation of the service that are not accessible.
As the Minister of Labor describes, “today critical services have recovered such as active directories, e-mails, the web portal or the more than 8,000 jobs both in benefit offices, provincial directorates and central services “, in what he classifies as a cyberattack that constitutes” a great crime. ”
The SEPE announced this week that some procedures such as the application for benefits are now available, although it is not yet possible to carry out some actions such as consulting this information.
Díaz explains that the attack has affected Windows systems, not mobiles and tablets, and that a “clean” zone has been created on the central servers. A series of actions taken together with the national defense services, with whom we are working on a crisis cabinet created for the occasion.
Gerardo Gutiérrez, general director of SEPE, explained last week in different radio programs that “confidential data is safe. The payroll generation system is not affected and the payment of unemployment benefits and ERTE will be paid normally. ”
Up to 150,000 delayed services
The cyberattack has caused delays in various procedures and, as he explains to Digital Economy, Josetxo Gándara, CCOO representative in SEPE, It is estimated that more than 150,000 of the claims for benefits will be delayed to May.
It is difficult to calculate how many benefit claims can be accumulated in the last week, as each office and province has a different volume of activity, depending on what each autonomous community approves.
From the Ministry of Labor they assure that the benefits will arrive on time in March, but from the unions they estimate that there will be more than 150,000 demands that will arrive late as they cannot cope with the pending work of the last two weeks.
According to the CCOO, there are still connections with the outside lacking and approximately 15% of the terminals are still infected. According to these union sources, SEPE workers are using their intranet, they cannot telework and only an online service has been enabled for e-mail.
Manuel Galdeano, head of CSIF at SEPE, affirms to Capital Radio that “it has not been possible to address all unemployment benefits due to the huge number of requests we have received.” Although benefits are not expected to be affected, delays are expected.
– National CSIF (@CSIFnacional) March 22, 2021
“What worries us is the power, before the payroll closes, to recover that week taking into account the delay that we have, “says Galdeano. Some new applications that are being turned over by hand, according to CSIF. To alleviate the problems, the SEPE will automatically renew the application for job application. Those who have already registered their benefit before March 9, they should not suffer delays in paying them, according to the Ministry of Labor.
Carme Artigas, Secretary of State for Digitalization and Artificial Intelligence, declared in Congress that the action against the cyber attack “has been very fast”, since other governments “have taken six and seven months to re-establish their system”.
The government’s intention is to update SEPE equipment. As the minister explains, it is something that is already included in the 2021 General State Budgets and where it is established that the SEPE will have “stable and qualified professional teams.” Additionally, they intend to apply “Big Data and artificial intelligence to promote employment.” Some claims very far from the current SEPE teams, some with more than 30 years old.
No news of the rescue, something unusual in this type of cyber attack
According to media such as The confidential The Digital Shield, cyber attackers would not have requested a ransom, something that, according to government sources, increases the suspicion that Russia is behind this cyberattack.
Government sources explain that a bailout was not requested, which points to a possible interest in taking advantage of the weakness of the SEPE and damaging the image of the administration.
The attack was carried out with the ransomware Ryuk, as could be seen on the affected computers and the .RYK extension of the files. A ransomware that has been wreaking havoc for years and requires a significant proactive effort in terms of cybersecurity to be protected. Something that, in view of the results, has not been done in the SEPE.
The SEPE still not listed in the list of administrations certified by the National Cryptological Center and its lack of human and material resources was known, as it derives from the tender to “monitor and analyze SEPE computer applications” published in mid-2020.
In December 2020, the Ombudsman stated that the SEPE has “material and personal means clearly insufficient, not only for extraordinary situations such as those derived from Covid-19, but also for the ordinary exercise of their functions “.