The Local Government Association (LGA) is planning to develop a range of cyber security tools for councils over the next year.
Jamie Cross (pictured), cyber security adviser at the LGA, outlined the plan at UKAuthority’s Cyber4Good conference in London yesterday.
The move follows the LGA’s stocktake of cyber security arrangements in local authority’s, carried out last year, and the development of a self-assessment tool which will be open for two set periods every year – the first of which is now running until 19 December.
Cross said the new plans derive from the findings of the stocktake and part of the LGA's work with the National Cyber Security Council (NCSC) and the Ministry of Housing, Communities and Local Government to promote a cultural change in the field. They will place an emphasis on people and processes rather than technology.
“Within the budget of our programme we felt the piece where we could make an impact was around people and processes,” he said. “That’s not to say that we don’t think platforms and technology are important, but it’s the prioritisation process and that’s the strategy we followed.”
He said this comes down to embedding sustainable cultural change, which involves a threefold focus on whether councils’ leadership know what to do, the governance and reporting issues, and whether they have arrangements such as risk registers and cyber improvement plans in place.
“There are a lot of different policies and practices in this space, it’s a confusing space for councils and we want to make it simpler to navigate,” he said.
“We see our primary role as focusing on the 1.4 million people in local government who don’t know much about cyber. We see that as our key audience, although we do work with IT specialists as well.”
Cross acknowledged the contribution made by existing tools, such as those from the National Cyber Security Centre’s Cyber Essentials –for a wider audience than local authorities – and Dojo from CC2i – which which comes at a cost per user – and said the new project is aimed at “bridging the gap” by producing high quality guidance specifically for local government.
“We’re looking at developing some videos, hopefully interactive, to cover a range of topics but focused primarily on local government. We’re also looking at developing a system of peer support, so you have an arrangement where you can call a friend if you have an emergency.
“We’re looking at developing a local authority specific exercising tool, so you can try some of these policies that are in place; and we’ll be providing a third round of grants with another £500,000 from January. It’s just trying to make the space more simple for councils.”
Possibilities for next year include the development of some third party compliance software to support the spread of good cyber practice down the supply chain - for which the LGA hopes to learn from a pilot taking place in Scotland - a single online gateway for policy advice, and looking at whether there is a more formal way for local government teams to check each other’s cyber arrangements.