Public services thinktank Reform has advocated five steps for the National Cyber Security Centre (NCSC) to strengthen good practice in the sector.
It comes with the publication of a report, Resilient public services in an age of cyber threats, which points to a number of prevailing weaknesses while acknowledging the progress of recent years.
The thrust of the report is that the landscape for cyber security in the public sector is fragmented, with many overlapping remits, and suffers from unclear guidelines for local organisations in dealing with any attacks.
It points to the effects on the NHS of the WannaCry ransomware attack in 2017 and another on Copeland Council in the same year. The significance has been intensified by the report being published at the time of a cyber attack on Hackney Council.
As a response, it advocates a series of steps for the NCSC aimed at strengthening the cyber infrastructure.
One is an audit of existing warning, advice and reporting points (WARPs), through which public sector professionals exchange information on cyber threats, to identify the best structures and practices that could be extended nationwide. This should take in an assessment of the necessary funding.
Second is that the NCSC should increase the capacity of its training courses, and mandate attendance at them, for anyone in the public sector handling sensitive information.
Thirdly, it should work with government departments on identifying jobs that require some training in cyber security and change the job specifications accordingly. Candidates with the qualifications should receive priority for relevant jobs and have career pathways in place.
It should also look at the new National Cyber Security Strategy, expected later this year, including an audit of local public sector organisations to check on their adherence to national standards.
Finally, the NCSC should work on a kitemark of cyber secure products to support procurement.
Lack of skills and co-ordination
These reflect key themes of the report, which include a shortage of relevant skills, a local-national divide in knowledge sharing and communication, the lack of a co-ordinating central body for local government cyber security, and the need for good technology in the sector.
In a statement accompanying the publication, Reform said: “Covid-19 has accelerated the digitisation of public services in the UK, which, while positive, poses an increased cyber risk. It has also accelerated the use of remote working tools and multi-agency working, which potentially exposes the public sector to more vulnerabilities.
“Without sound infrastructure, investment in maintaining or updating that infrastructure, and a cyber aware workforce, there is a threat of large scale damage both to the UK public sector and wider society.”