Deputy digital chief of National Cyber Security Centre outlines plans for working with local government
An investigation of data issues, better guidance and more engagement with chief executives are among the priorities for the new National Cyber Security Centre (NCSC) in working with local government, one of its leading officials has told the Socitm annual conference.
Alison Whitney (pictured), deputy director digital services, said the organisation is still getting to grips with what local government needs, although it has been able to draw on some of the work of its precursor organisations.
It has spent the summer in exploratory meetings with local government bodies – including Socitm, the Local Government Authority (LGA) and the Society of Local Authority Chief Executives (Solace) – and identified some areas where it need to develop a stronger understanding.
“I don’t think we’ve discovered anything particularly unique to local government,” Whitney said. “But one of the challenges I’ve observed is that you are a means of delivering so many services that involved connections with other people, that the whole integration activity of moving around and sharing data feels quite complicated.
“It’s something we want to explore further because it feels there may be some specific guidance we could develop that would be of particular use to local government.”
Skimming the surface
She made the point that local government is quite disparate sector, and that so far the NCSC had only “skimmed the surface” of what it needs for better cyber security. Also, it will not have the resources to develop one-to-one relationships with each local authority, so is looking for ways to maximise its impact in the sector.
This is likely to involve working with organisations such as Socitm, the LGA, Solace and the Department for Communities and Local Government.
Whitney said another priority will be in trying to make chief executives more aware of cyber security issues; and she agreed with a comment from the audience that it should be alongside better established issues such as health and safety on a council’s internal agenda.
She added that a couple of steps have been taken with the NSCS website to make it more relevant that that of one of its precursors, CESG.
“In launching the website we thought a lot about the guidance,” she said. “For CESG guidance we had nearly always written it with central government in mind, so prior to the launch of the new site we reviewed our guidance and did our best to make it user-agnostic.
“We’ve tried to make it less obviously focused on central government users and will hopefully introduce more case studies for local government.
“And we’ve introduced guidance on areas we probably would not have touched for central government. In the last 24 hours we have added some on ransomware because we know it is particularly relevant to local government and the health service. It’s now up there and available, and we would really like to get feedback on it.”
The NCSC became operational earlier this month, with the aim of providing leadership on national cyber security issues and nurturing the national capability in the sector. Its pre-launch prospectus emphasised the need to work with authorities from throughout the public sector.
The organisation has taken on functions of the National Technical Authority for Information Assurance CESG, the CERT-UK (Computer Emergency Response Team) programme, the Centre for Critical National Infrastructure and the Centre for Cyber Assessment.