Skip to main content

https://mhclgdigital.blog.gov.uk/2021/03/02/kicking-off-the-cyber-health-framework-alpha-phase/

Kicking off the Cyber Health Framework Alpha phase

Posted by: , Posted on: - Categories: Cyber, Local Digital
Photo by Clayton Robbins on Unsplash

In June 2020 the Local Digital Cyber team completed a discovery into cyber security at local authorities. We found that:

  • There are many cyber standards, but no clear baseline.
  • An effective cyber baseline must encompass culture, leadership and ‘cyber first’ processes.
  • Leadership support is vital to embed standards and best practices across the organisation.
  • Leaders need to understand cyber risk to inform their decisions.
  • Legacy technology is a critical blocker to achieving cyber health.
  • There is an opportunity for councils to collaborate in order to achieve greater security.

Read the key findings and outcomes from the discovery.

Identifying a Cyber Health Framework

A clear Cyber Health Framework was identified as one of the main areas of opportunity to progress into an alpha project, supporting council staff to navigate numerous and sometimes overlapping standards.

What we want to achieve

We are developing a framework and self-assessment tool that will support local authorities to achieve a recommended level of cyber health. The framework will support local authorities to apply cyber security standards and guidance, and the tool will allow local authorities to assess where they are against a baseline.

The framework should reflect the wider view of cyber security addressing non-technical and technical practices, such as:

  • People: knowledge and behaviours
  • Processes: procurement, executive governance
  • Technology: standards, architecture, management

If we are successful, local authorities should be able to:

  • know and understand the minimum level of cyber security to reach
  • determine their own organisation’s level of cyber security
  • devise a path to build greater resilience

During the alpha phase, we will be testing our riskiest assumptions, which are:

  • We assume a single framework & baseline will save Local Authority cyber responsible staff time by giving them a one point of reference for cyber health standards and guidance
  • We assume that we can deliver a framework that can be useful for a wide variety of councils
  • We assume councils will be able to understand and use this framework independently without support
  • We assume we can lower the barrier of entry that will increase councils application of cyber health standards and guidance across the whole organisation

Working openly and collaboratively

In order to better understand how we can help, we want to involve a wide range of local authorities in the process of creating a tool and associated framework that is achievable, actionable, and useful.

We’re also aware that we’re not the only team working on a project of this nature. The Scottish Government has developed a cyber resilience framework and self assessment tool and the NHS has developed a Data Standards Protection Toolkit. We’ll be learning from and building on top of the great work they’ve already done and sharing our progress along the way.

Take part and help us build a useful framework

We are interested in speaking to those responsible for maintaining cyber resilience and the challenges this poses within their roles and local authorities.

We’re also looking for senior decision makers, who are responsible for shaping the culture of their organisation. We’d also like to speak with Service Managers and Chief Information Officers.

If you would like to take part in an interview for the MHCLG Cyber Health Framework project, please complete this short form.

If you’re working on a related project and are interested in collaborating with us, please email cyberhealth@localdigital.gov.uk.

Follow our progress

Sharing and comments

Share this page

Leave a comment

We only ask for your email address so we know you're a real person

By submitting a comment you understand it may be published on this public website. Please read our privacy notice to see how the GOV.UK blogging platform handles your information.