National Cyber Security Strategy provides welcome boost for ongoing commitment of UK local authorities says Local CIO Council
The much anticipated five year National Cyber Security Strategy set out by the Chancellor yesterday provides a welcome boost for UK local authorities’ ongoing activities to keep their operations secure in an increasingly digital world.
The Local Public Services CIO Council, representing IT and digital chiefs working in local authorities and other local public services, has been contributing to the development of the Government’s strategy over the last few months, in particular since its announcement in the November 2015 Autumn statement.
This contribution reflects a long track record of local government investment in information security, including the important business of engaging non-IT service managers in security management and business continuity planning. This includes working in partnership with the Department of Communities and Local Government to share best practice in cybersecurity over many years.
A robust foundation for sound cyber security practice in the local government sector exists in the form of accreditation for the Public Services Network used by local authorities, as well as Payment Card Industry (PCI) and related technology and data handling requirements.
This and other activity around risk management, preventative action and, preparedness to handle Cybersecurity threats is supported by research, advice, guidance and peer networks organised by the Society of IT Management (Socitm) which also manages the Local CIO Council.
For example, Socitm provides a peer to peer sharing platform on Knowledge Hub to support councils working to comply with Public Services Network requirements.
Earlier this year, Socitm launched an online Cyber Guide aimed, not at IT specialists, but rather at local authority directors primarily concerned with organisational strategy and policy development matters, and managers of technical experts in operational departments.
The Guide does not delve into detailed technical matters, but focuses upon what directors, heads, senior and other managers need to know and do. The Guide has already been updated with details of the National Cyber Security Strategy.
In April, Socitm published a policy briefing on the role of local government in National Cyber Security Strategy, setting out the case for stronger local cyber resilience, in order to protect the UK as a whole, as well as to ensure security and protection of local public service delivery.
The briefing points out that most UK government cybersecurity policy, strategy and measures have focused on central government’s response to the threat – through the big government departments and specialist agencies such as GCHQ.
Acknowledging that this remains a priority, the briefing suggests that a new local, place-based focus is needed if the UK is to manage and respond to changing threats, including existing and new forms of malware and other forms of cyber attack.
Over 60% of citizen interactions with government take place between citizens and local authorities and devolution will only increase this proportion. In addition, local public services are being redesigned universally to become ‘digital’ and joined up at, and across, local and national levels. This not only increases cyber risks, but also opens up new avenues for national cyber-attacks via local digital ‘backdoors’ of inter-connecting systems and IT networks.
It follows that local government and its partner delivery organisations must play a bigger part in the UK cybersecurity ‘ecosystem’ in future. Local government holds essential intelligence about local communities and cyber risks. This data needs to be better managed, joined up, shared and used to support UK-wide threat mitigation.
The briefing provides a series of proposals about how local government can be brought into the heart of national cyber security strategy.
Commenting yesterday’s launch, Geoff Connell, President of Socitm said:
We welcome publication of the Strategy, its positivity and direction of travel and are already working with the National Cyber Security Centre and the Department of Communities and Local Government on how central and local government can collaborate to improve national and local cyber security maturity. It is indicative that NCSC was a key speaker at our recent annual conference.
The briefing Role of local government in National Cybersecurity Strategy:
A policy perspective from Socitm can be downloaded at https://www.socitm.net/publications/role-of-local-government-in-national-cybersecurity-strategy
Socitm’s online cyber guide is at: https://cyberguide.socitm.net/
Vicky Sargent, Socitm Press Office
Email: firstname.lastname@example.org Phone: 07726 601139
Martin Ferguson, Director of Policy & Research, Socitm
Email: email@example.com Phone: +44 (0) 7931 456 238