BLOG: SERVICES YOU CAN RELY ON: SECURING LOCAL AUTHORITIES IN A DIGITAL AGE
I joined the Digital Office at end of Feb entering a new post as the Chief Information Security Officer. In this role, I will work between the Scottish local authorities and the Scottish Government to enhance the great work that individual councils are already progressing in the crucial area of cyber security.
Councils are increasingly digital businesses. This brings with it great improvements in service provision and resource utilisation but at the same time it potentially exposes some of our most sensitive data to entirely new threats from all over the world. Securing these digital frontiers ensures the confidentiality, availability and integrity of information processed by vital services relied upon by our local communities.
In the short term, I will work with the local authorities to produce a Cyber Security Maturity Model that can be used by executive teams as an objective measure of the cyber security programmes they have each championed. This model will also act as benchmark against which council security professionals can set organisational targets. In support of the Public Sector Action Plan, I will assist the councils to achieve Cyber Essentials and to implement the NCSC’s active cyber defence tools.
Longer term I will help council security experts to develop a shared collaborative set of tools and resources, making the most effective use of limited resources. The cyber education of our workforces across both the public and private sectors remains a challenge. I will work alongside local authorities to assess and compile training materials appropriate for all levels of experience and professional backgrounds.
The Scottish Government has a strong focus on ensuring that public sector organisations can survive and fight through a cyber incident. I will be working hand in hand with the Scottish Cyber Resilience Unit to ensure that we can make the best use of our collective limited resources by gathering best practice from across the sectors. We will also examine tools that can be developed nationally as well as investigating the potential to expand the use of existing facilities such as the Scottish Government Security Operations Centre.
The fight against cyber criminals cannot be achieved in isolation. Collectively we are much stronger than as individuals. I appeal to anyone currently working within Scottish local authorities, whether in security or not, who has an interest in working on cyber security projects to get in touch with me to discuss their ideas.