The Local Government Association (LGA) has developed a cyber incident ‘grab bag’ as a new cyber security capability for local authorities.
It said the grab bag will be freely available on its website and provide guidance customised for local government to help councils use their existing resources in managing the immediate priorities of a crisis, provide a well structured response to cyber incidents, and anticipate challenges that will occur during a recovery.
It can be used by cyber security and IT professionals as well as senior leaders, business continuity and emergency response leads, and communications teams.
The guidance it provides has been structured around seven themes:
- Healthy teaming - the steps to ensure a council has the right people assigned to a response, with effective coordination and a sustainable pace.
- Delivering services – guidance for the deployment of a council’s business continuity plans and other factors they will need to consider in responding to a cyber incident.
- Safely restoring technology and systems – advice on how a council can ensure that disaster recovery and system restoration work is safe, secure and helping it to act strategically to enhance its overall cyber resilience.
- Protecting data – measures to mitigate risks to personal and other sensitive data, and to ensure compliance with the Data Protection Act.
- Working with elected members.
- Coordination with other parts of government and law enforcement, drawing on advice from bodies such as the National Cyber Security Council, National Crime Agency and Ministry of Housing, Communities and Local Government.
- Informing and supporting – advice in crisis communications, engagement and work to build trust with residents, businesses, partners and colleagues.
While the first iteration of the resource is targeted at local authorities, the LGA has indicated that it may be useful in other parts of the public sector, and that it is planning to work with other sectors on future iterations.
An LGA spokesperson said: “The grab bag has drawn on expertise, experience, and learnings from the sector to provide a practical toolkit for what councils should do, and what they should expect, when responding to a cyber incident.
“As well as engaging with the local government sector to gather user needs and to design the grab bag, the LGA with their delivery partner Public Digital have also engaged with central government departments and agencies to create the guidance.
“In doing this, the grab bag will provide consistent best practice advice across different agencies and government departments, whilst also providing clarity for councils on how to coordinate with these stakeholders during cyber incident response.”
The LGA is planning the online launch of the grab bag providing more detailed information at 12.00-1.00 on Thursday 24 April. Further details of the event and the sign-up are available here.
