The Local Digital Declaration includes a commitment to the continuous improvement of cyber security practice to support the security, resilience and integrity of our digital services and systems.
Earlier this month, the Local Digital team started work on a pre-discovery to understand what we could, and should, be doing as a department to better support local government on cyber security.
The purpose of this work is to research, identify and understand the current cyber security threats, challenges and capabilities across local authorities. Our goal is to provide recommendations on how MHCLG might support local authorities to reduce cyber risks and become more cyber resilient.
This work has taken on a greater urgency, as many councils find themselves stretched for resource because of the coronavirus (COVID-19) outbreak. The National Cyber Security Centre (NCSC) has already detected a range of cyber attacks that seek to exploit the crisis.
What we want to achieve
Through the pre-discovery, we want to:
- gain a broad understanding of the people, stakeholders and organisations involved, and their needs
- identify the types of cyber risk, their relative risk rating and how this framework applies to local authorities
- identify current cyber security risk reduction activities, how often they are performed, and if there are any gaps
- pinpoint the challenges that local authorities, and potentially suppliers, face to protect themselves
Working collaboratively and in the open
This will be a collaborative effort, where we’ll work together with other organisations in and around local government, and build on the learning of the Pathfinder cyber security training programme.
We are also working in alignment with the NCSC cyber security strategy of ‘Deter, Defend and Develop’, so we can build on the work that has already been done in this field.
We want to deliver outcomes through an evidence-based approach, so conducting user research with local authorities will play a key part in the work we’re doing.
Our recent and immediate focus
The first sprint has just come to an end, during which we added a Delivery Manager and a Technical Architect to the team.
During the second sprint, we will be:
- creating a plan for future user research with local authorities
- talking to experts in the cyber security field
- gathering reports and resources that have been produced by other teams and organisations also looking to improve cyber security at a local level
- analysing the results of a survey sent out to local authorities to assess their cyber health, which has received over 120 responses
We welcome further collaboration and input so if you would like to share with us any strong evidence to support our research, please email us at firstname.lastname@example.org.
What we expect to come out of pre-discovery
We believe there is scope for additional discoveries that will support an alpha service proposition, such as a technical investigation and guidance on cyber security.
After the 8 weeks allocated for pre-discovery, our aim is to provide understanding and evidence with which to inform more focused discoveries.