by Jos Creese, chief executive, CCL & former chair of the Local CIO Council
It is a role of governments to protect. In the past that safeguarding has typically been against the so called ‘four horsemen of the apocalypse’ – war, famine, pestilence, and death. But today we have a fifth rider: cyber. Many criminals and malicious governments are turning to digital means to disrupt or to attack the business of industry and government, creating a whole new era of risks to our way of life and to our safety.
With the growing dependency in modern societies on digital infrastructure, traditional protection agencies need to be modernised to be able to deal with cyber threats. This includes the armed forces, police, fire, health and local emergency planning – all now need to have the capacity, capability and coordinated approach to handle cyber resilience risk, particularly at a local level.
The UK has always been served well by cyber security experts in government, with world class expertise in GCHQ in particular. Indeed, the UK has set a world lead, ever since the code breakers of WW2.
But the nature of the threat is diversifying, as digital networks and infrastructures are joined together. It is also not widely understood, because it’s new, complex and less tangible than other more common risks such as flood, fire, disease, nuclear incident or failure of our energy or food supplies.
For example, supply chains (business to business and business to government) are becoming automated and more integrated. Government digital infrastructure is increasingly homogeneous – such as the Public Services Network (PSN). These digital trends bring huge benefits, but also bring a need to ensure greater rigour in the design of security systems, in the routine detection and monitoring of threats, and in sophisticated mitigation response to minimise damage when risks materialise.
To be effective, it also requires closer working between all players in the digital services chain to balance ease of use with digital safety.
Consider the impact of the internet of things (IoT) – the growing network of physical objects which contain electronics, software, sensors, and network connectivity. These objects will soon be in every home, office, public space, our vehicles and in a variety of appliances we use and own. The cyber threat is not just to our privacy, but the extent to which these embedded objects can hold latent and undetected vulnerabilities that become a ‘back door’ to our networks and our data – nationally and locally.
We live in a world where a cyber attack is easier, cheaper, faster, less detectable and potentially more damaging than any traditional form of malicious attack. The UK needs to build a new and strategic response to this, which integrates traditional services and is coordinated nationally and regionally, across public and private sectors.
For the UK to be prepared, that strategic level response must include:
- A pan-government approach, coordinated locally and nationally, with local civic leadership of integrated public protection planning.
- An assessment of which agencies need to work together to coordinate risk monitoring, alerts, sharing information and detection systems, as well as sharing best practice.
- A widespread public awareness campaign, to ensure the risks as well as the benefits of ‘digital society’ are better understood and communities and individuals can better protect themselves and their families from cyber threats.
Current emergency planning services should in future be expected take on an obligation to prevent, detect and respond to cyber threats locally, running scenario tests and recognising that this is a complex and technically challenging topic, requiring specialist skills and experience.
The UK is a global leader in digital – advanced in ecommerce, open government, and cyber expertise. But a serious cyber security incident could seriously undermine digital government and digital business, let alone threaten our national security.
That makes cyber resilience one of the highest strategic priorities for local and national leaders alike.
This article was first published in Local Leadership in a Cyber Society: Understanding the Challenges by the DCLG led National Cyber Security Programme - Local and iNetwork. Read the other featured articles.