NCSC commits to step up local authority cyber collaboration
Security organisation says it has only begun to “skim the surface” of the needs of councils to understand their concerns in addressing threats
The National Cyber Security Centre (NCSC) has been working with local government organisations to look at the key challenges authorities may face from threats such as malware as it looks to overcome existing limitations in securing a large number of disparate systems.
With the organisation formerly established on October 1, the NCSC’s Alison Whitney, speaking during yesterday’s Socitm annual conference, said it was not possible for the organisation to be able to work with individual councils on a one-to-one basis to address potential issues.
“So we had to look to see how we can find ways of maximising the impact that we could have. So over the summer we had a number of exploratory meetings, we were capturing user needs and exploring what kind of things would help local government,” she said.
In talking to a range of groups such as the Local Government Association (LGA), the Society of Local Authority Chief Executives and Senior Managers (Solace) and Socitm, as well as a number of authorities and suppliers, the NCSC hoped to look at so-called “pinch points”.
However, in trying to understand local authority concerns and needs, Whitney said that the organisation had only so far skimmed the surface of looking at these issues, with further deep dives and work needed.
She noted that over the next few months, NCSC would attempt to carry on learning about the needs and functions of authority mechanisms like Warning, Advice and Reporting Points (WARPs) to better engage and work together.
Whitney said the organisation was also gradually expecting to produce more focused guidance for local government organisations, as well as recommendations and written advice on topics such as ransomware, something it would not normally undertake for central government.
Questioned on whether NCSC held any specific concerns about threats or weakness in local government cyber security, Whitney said that no specific concerns unique to councils had been identified in its current work.
“I think one of the challenges I observed with local government was that you are a means of delivering so many services that are provided by other people connected to others, that the whole integration activity of how you move data around and who you share it with feels quite complicated,” she said.
“That is something we want to explore further because it may be there are some specific types of guidance we can develop that will be of particular use to local government, but we’re still trying to explore that.”
Other delegates noted the need for joining up alerts and warnings around potential threats with organisations working in health, as authorities look to meet aims for more integrated care services moving forward.
Socitm policy head Martin Ferguson welcomed the engagement with its members by the NCSC, and offered to coordinate the views of councils around their needs and concerns.
The public sector IT managers group has also this week announced a partnership with Intel to develop cyber security guidance and research.
The Socitm Cyber Guide is intended to serve as a means of providing clear guidance to councils on changing threats facing public services.
In a statement, the group noted that a number of cyber incidents that had targeted local authorities highlighted the need for pro-active work on addressing threats.
“To date, the UK government cyber security efforts have largely been focused on central government’s response to the growing cyber threat,” said Socitm. “Whilst this must remain a priority, a new local focus is needed in the UK to manage and respond to the changing threats as local public services become increasingly devolved and digitised.”
Alongside the partnership announcement, Intel was revealed to have won the Socitm Supplier of the Year award as part of an event coinciding with the annual conference.