William Barker points to new opportunities and threats for devolved authorities as one of five big issues for local cyber security
One of government’s leading figures in cyber security has said the issue has to be taken very seriously as devolution deals develop in regions around the country.
William Barker, Head of National Cyber Security Programme Local in the Department for Communities and Local Government (DCLG), outlined his views at public sector IT association Socitm’s annual conference in Leicester yesterday.
He highlighted the issue as one of five that are raising new questions for cyber on the local front.
Barker said that devolution is providing an unprecedented change in how systems and structures in local government work.
“But devolution raises a number of questions from the cyber perspective,” he said. “It’s creating new opportunities to improve cyber resilience, with new structures and systems coming together allows you to ask fundamental questions.
“As devolution deals develop and organisations start to go through the process, we have to ask how far up is cyber on the checklist?”
He suggested that some of the devolved regional authorities are taking it seriously and making progress in their planning, but also warned that devolution will create new targets for cyber attacks. As a response, he said organisations should make use of Active Cyber Defence, the programme launched by the National Cyber Security Centre (NCSC) to tackle a high proportion of attacks.
“It’s about looking at how we start to share learning around this space,” he said.
Barker also pointed to the importance of local authorities strengthening their capabilities and promoting local economies by partnering with local companies in the space, and to incorporating “cyber by design” in their service delivery to provide high levels of assurance and trust.
Local democracy provides another area for a cyber focus. He pointed out that referendums and elections are a tempting target and suggested that it is only a matter of time before an attempt to interfere with the process.
He urged councils to put their electoral services team through a day of cyber security training to give them a basic understanding of the possible threats and the basic steps to resist them.
His fifth factor was resilience, saying that DCLG is looking at how it can work with communities such as local resilience forums and warning advice and reporting points (WARPs) to provide a more nationally joined up network.
“We have our own resilience and emergency structure in the regions and want to make sure that gets the best advice and help, both from the centre working with NCSC and communicating with others in the process,” he said.
One element of this will be understanding the lessons around incident management handling, one of the areas in which the NCSC is trying to strengthen capabilities.
“What we’re trying to do is not just the classic cyber defence and putting some education in place,” he said. “It’s much deeper, about how we embed a new way of thinking and working that is agile and effective so we’re able to make these things business as usual.
“By 2021 we should be saying ‘We get what cyber is and we’re responding to it'.”