Chair of Cyber North says such groupings can provide a bridge to national strategy and encourage development of local ecosystems
Localised efforts to strengthen cyber resilience in the public sector can also promote innovation and growth, the chair of the regional grouping Cyber North has said.
David Carroll (pictured) was speaking at last week’s Local Government Cyber Summit in London, where he also made the case for such groups in enabling the local implementation of national strategies.
“We’re starting to think about local cyber resilience and local cyber innovation as part and parcel of the same thing,” he said.
Carrol said that Cyber North – which he described as an informal “coalition of the willing” and does not yet have a website – has come together this year in response to a gap between the national initiatives for cyber security and the ability to implement them effectively at local level while taking account of the factors affecting local or regional organisations.
Top down
“We have a top down approach to addressing cyber security with centralised assets such as the National Centre for Cyber Security, CiSP and CERT schemes; but have not yet worked out how they offer the maximum amount of value to us out in the regions,” he said.
“We’ve standards whose logic you can’t knock when you’re looking on paper, but for which the implementation in the real world is beyond many organisations.”
He added: “There’s not enough emphasis on practical action where it matters, and for me this is the missing piece in the jigsaw between our national strategy and local action.”
It is also intended to address the “missed opportunity” of combining cyber resilience for public sector with an effort to support the economic regeneration of a region.
Cyber North consists of 12 local authorities, 12 NHS acute trusts, three police forces and 12 clinical commission boards, and there has been involvement from regional cyber groups, such as the local universities, the North-Eastern ICT Partnership and the North-East Cyber Crime Unit, along with a handful of private sector companies.
The public sector organisations have struggled to afford the relevant skills they require, and Carroll said it makes more sense for them to tackle cyber security issues together than in isolation.
Manchester example
“What if, in the North-East for example, we said ‘Let’s build a local cyber resilience plan and work out what it means to our strategy and direction’,” he said, making reference to the example of Greater Manchester as its new combined authority takes up more powers devolved from central government.
“We are now trying to complement the work of the National Cyber Security Centre, to use national guidance aligned to defend, deter and develop. We could go even further, creating not just cyber resilience, but a cyber resilience and growth plan.”
The grouping is now taking early steps towards building an ecosystem, having run some cyber security challenges, hosted a research day at the University of Newcastle, and run hackathons and competitions in support of public sector organisations.
There are plans for the formation of a local cyber resilience taskforce next year, along with setting up a fund for incubator projects to encourage the formation of start-ups in the field. Carroll said there are also hope to provide marketing for the region’s cyber workforce to attract inward investment, and to school teachers and careers advisers with materials to encourage students to investigate cyber security.
All of this has an estimated economic potential, from domestic consumption and export opportunities, that could amount to £8 billion per year by 2020.
“I don’t think we should separate local cyber resilience and innovation, and the sooner we create this ecosystem from the bottom up, the sooner we get beyond the current impasse,” Carroll said.