The Scottish Government has published a strategic framework for cyber resilience that includes a ‘secure by design’ approach and a strong role for domestic companies in protecting the public sector.
It comes with the setting up of the new CyberScotland Partnership to provide more clarity on best practice in cyber security.
The Cyber Resilient Scotland framework is built on the country’s first strategy and focuses on four outcomes: that people recognise and are well prepared for cyber risks; that businesses and organisations are also well prepared; that digital public services are secure and cyber resilient; and that national cyber incident response arrangements are effective.
For public services it emphasises the need to ensure that a secure by design approach is adopted across the supply chain, aligned with the UK government’s proposal for regulating the cyber security of smart products.
This is accompanied by encouraging Scottish cyber security companies to provide products and services for the public sector, improving the security capabilities of digital services and protecting the systems that support the country’s infrastructure and services.
There is also a need to ensure that any smart city developments have cyber resilience built in from the outset.
Incident response
For responses to any national cyber incidents, the framework places the emphasis on regularly testing, exercising and reviewing the co-ordination arrangements, and raising awareness of these across government and its agencies.
Other steps include continuing to develop capabilities for monitoring, detecting and responding to cyber threats, clear communication with affected parties after any incident, and ensuring ongoing cross-agency collaboration.
The document also points towards the implementation of an action plan for the public sector, along with others for the private and third sectors and learning and skills, over the next two years.
Not just an IT issue
Writing in the foreword, Deputy First Minister John Swinney MSP says: “Digital technologies cut across everything we do – as our forthcoming Digital Strategy will demonstrate.
“The secure and resilient ways we use them cannot be an afterthought. Cyber resilience cannot be viewed simply as an IT issue. It is, in fact, the very backbone to every public service, to every business and to every community in Scotland. It is a critical part of our economic and societal recovery and renewal, especially as Scotland embraces new technologies such as artificial intelligence, smart cities and 5G wireless networks.
“Cyber resilience is key to operational resilience and business continuity, as well as our capacity to grow and flourish as we adapt to the demands of operating online. Our ability to deter, respond to and recover from national cyber attacks is our top priority. We need to plan, exercise and reflect continually and collaboratively, to ensure that Scotland is prepared to withstand cyber threats.”
The Scottish Government’s Cyber Resilience Unit has entered the new CyberScotland Partnership with nine other organisations: Police Scotland, the Scottish Business Resilience Centre, Highlands and Island Enterprise, Scottish Enterprise, ScotlandIS, the Scottish Council for Voluntary Organisations, Young Scot, Skills Development Scotland and Education Scotland.
The UK National Cyber Security Centre has also joined as technical advisor.
The partnership has begun by launched the CyberScotland.com website as an online resource for information on a range of relevant issues.
Image from iStock, Traitov