Government to set up strategic governance group and public sector urged to plan for risk in building digital services
Resilience to cyber risks should be planned and budgeted for in building digital public services, the Scottish Government has told organisations as part of the launch of its new strategy for cyber security.
Deputy First Minister John Swinney (pictured) outlined the Safe, Secure and Prosperous strategy at the National Economic Forum in Edinburgh today.
While it is aimed at public and private sectors and individuals, it includes a series of steps to be taken by the Scottish Government and public authorities. They include:
- incorporating cyber resilience into all polices;
- ensuring board/executive level commitment;
- developing reporting measures for cyber incidents and linking them to wider ICT and business continuity plans;
- defining the standards relating to cyber resilience for procurement of goods and services;
- ensuring the safety and security of online shared services systems;
- embedding cyber risk and resilience assessments when developing new products, services and processes;
- and considering shared development or procurement of cyber resilient systems and tools for the public sector.
In addition, the Scottish Government is to set up a strategic governance group to oversee the strategy.
The document also cites the need for confidence and trust in digital public services as one of the key outcomes it wants from the strategy.
Swinney said: “We have a responsibility to ensure people in Scotland are educated and empowered to exploit digital opportunities for their personal and professional development whilst having the skills to protect themselves from harm and exploitation online. This strategy is the first step in achieving that goal.”
The announcement follows the publication in July of a consultation document on cyber resilience, which included an assertion that the Scottish Government will hold public authorities to account but not legislate in aiming to boost cyber resilience in public services.
The country already has the Scottish Cyber Information Network (SCiNET) in place for public authorities and businesses to share information on threats and advice on how to respond to incidents.
Image from Scottish Parliament under Open Scottish Parliament Licence