by Martin Ferguson, director of policy & research, Socitm
Accelerating digital ways of working and sharing data and information between agencies and actors places an ever-growing responsibility on all those involved to be cyber resilient.
This responsibility impacts all users of information systems and those supporting them.
Citizens, businesses, staff working for community, third sector and private sector delivery organisations, local authority staff and IT teams all need to understand the importance of guarding against cyber threats, and the behaviours and steps that, individually and collectively, they need to adopt.
Cyber threats are not just technical in nature. The human factor and insider threat are just as important and, no matter how good the malware prevention and detection systems are, there is always a risk that hackers will be one step ahead. We need to ensure that operational staff are diligent and follow relevant advice.
For local authorities, cyber security awareness and skills are required at the following levels:
- Senior leadership and management – business requirements and cyber practices.
- IT, digital and web teams – infrastructure and technical cyber skills.
- Staff in all service delivery organisations – user and operational cyber skills.
- Citizens, community groups, businesses, voluntary organisations – awareness and skills to protect themselves, their organisations and services.
10 steps
Senior leadership needs to ensure that appropriate steps are in place to secure data handling procedures and to train all staff. Their organisations should retain a ‘senior information risk owner’ capability to implement good cyber security practice in each of the areas addressed by the NCSC 10 Steps to Cyber Security, including user security policies, information assurance awareness, and cyber skills guidance and training.
In line with local authorities’ responsibility for economic, social and environmental wellbeing, these activities should encompass partner organisations delivering public services, as well as citizens, local businesses and voluntary organisations in their area.
Given the national cyber security skills shortage, local authorities - especially those at the smaller end of the spectrum - will be unable to retain all the necessary and relevant cyber security capabilities in-house. They should take advantage of external resources and shared capabilities wherever possible. These include:
- Free membership of cyber security information sharing partnerships (CiSPs).
- Participation and sharing between authorities through regional warning, advice and reporting points (WARPs).
- Professional support, guidance and services of associations like Socitm – for example, maturity assessment tool, briefings, research and advisory services.
This article was first published in Local Leadership in a Cyber Society: Understanding the Challenges by the DCLG led National Cyber Security Programme - Local and iNetwork.