The Ministry of Housing, Communities and Local Government (MHCLG) is aiming to develop a cyber health framework for local authorities in England.
It is planning to carry out the research and build a prototype over the six months from late November, in a £1 million project for which it is looking for support.
The plan derives from the department’s earlier assessment of councils’ cyber security capabilities, which highlighted shortcomings from an incomplete perspective and no common understanding of what is involved.
The market notice says there is currently no shared baseline against which councils can measure their cyber health, which makes it difficult to secure buy-in for relevant initiatives from senior leaders.
Current standards and principles are not applicable or appropriate to every council, but MHCLG says it has identified tools developed for other sectors and would like to use these as a basis for the framework. They include the Scottish Cyber Resilience Framework and Self-Assessement Tool, and NHS Digital’s Data Security and Protection Toolkit.
Beyond technology
The notice says the framework should go beyond technical factors to cover the knowledge and behaviour of employees, relevant processes, and how local authorities can determine their own level of cyber security and devise a path towards greater resilience.
Intended users include not just officials responsible for cyber but council chief executive officers and MHCLG officials monitoring which councils may not be secure.
“We expect re-use of existing work from other sectors to develop candidate toolkit, relevant to English councils through analysis of existing standards and tools, producing prototypes for validation in alpha, with continuation into private and public beta, subject to GDS assessment,” the notice says.
In September the MHCLG Local Digital Collaboration Unit identified five areas for alpha projects to improve cyber security in local government, saying it had begun to submit bids for funding of the work.
Image from GOV.UK, Open Government Licence v3.0