Prospectus emphasises collaboration, while DCLG lead says local government will play a significant role
General and sector-specific guidance along with bespoke support for some organisations will be the elements of a “multi-layered” service from the National Cyber Security Centre, according to the organisation’s newly published prospectus.
It has been published by CESG, the Government’s information assurance body, in the week that a lead official from the Department for Communities and Local Government (DCLG) emphasised that councils should play an active role in the effort to build a secure cyber infrastructure.
William Barker, deputy technology leader for strategy, resilience and futures at DCLG, told the Digital Authority Forum – staged by UKAuthority and The MJ – that the leadership of the new centre is pledged to working actively with councils and their representative bodies.
“DCLG has been appointed by Cabinet Office to work with national bodies across local government to facilitate the conversation,” he said. “It does not mean that DCLG will dictate what you need to say, but for us to facilitate that conversation. We’re moving into a firm offer from government on this.”
The prospectus says there will be four categories in the work of the centre, which will be the lead cyber security technical authority for the UK. One is in working with other public authorities to provide general advice and guidance, and taking the lead in putting out government’s message in the event of any significant cyber security incident.
It will also provide tailored guidance to specific sectors, initially focusing on the critical national infrastructure, and more bespoke support to a small number of organisations that provide crucial services.
Its other role will to run the Cyber Security Information Sharing Partnership, through which members from different sectors can exchange information on threats and vulnerabilities.
The document says the centre cannot work in isolation and needs to partner with authorities from throughout the public sector, as well as working with law enforcement, security and intelligence agencies.
It also points towards making its capabilities as widely available as possible, and engaging with the private sector, especially companies contributing to the critical national infrastructure. This will involve a programme of secondments and interchanges for employees with the relevant expertise.
Barker told the conference that the centre is looking at two or three features of “active defence”, such as being able to identify whether someone sending an email to an authority or accessing its services is who they say they are.
He added: “What we need is to start to identify where there are authorities or groups of authorities that are willing to help out with test bedding.
“The Verify team in GDS is looking at something like that as part of the wider conversation, and organisations like Solace (the Society of Local Authority Chief Executives) and Socitm (the public sector IT association) have a very big strategic role in the next 12 months in marshalling some clear conversations and clear thinking on this.”
Recently, a group of cyber security experts and public officials issued a report, Local Leadership in a Cyber Society, calling for much stronger coordination between central and local government in facing up to threats. While the centre’s prospectus is less detailed than the report, it suggests that much of the thinking going along the same lines.
Image credit: http://eng-cs.syr.edu/research/cybersecurity