Report outlines features contributing to cyber resilience for non-technical, local government readers
Local authorities need to focus their cyber resilience efforts on their specific assets, environments and activities, according to a new report from the Department for Communities and Local Government.
Titled Understanding Local Cyber Resilience, it was prepared in collaboration with the Cabinet Office, outlines the key threats to local government and is aimed at non-technical readers. It emphasises that the danger is persistent, especially as the growth in digital services, along with the proliferation of mobile devices and increasing take-up of cloud computing, is presenting more opportunities for attackers.
“Whilst the level of threat will vary across local authorities they all possess information or infrastructure of interest to malicious cyber attackers,” the report says in its introduction.
It outlines the threats from cybercrime, hacktivism, disaffected or negligent insiders, physical threats, terrorists and espionage, and urges councils to follow the 10 Steps to Cyber Security produced by CESG, the National Technical Authority for Information Assurance, and the cyber advice for business from the Centre for the Protection of National Infrastructure.
These include setting up an information risk management regime, ensuring ICT systems are securely configured, managing user privileges and providing training for employees on cyber risks.
The report also urges councils to join the Cyber security Information Sharing Partnership (CiSP).
“Ultimately being cyber resilient is about having the right resilience, appropriately tailored to take proper account of the very wide range of different activities that councils undertake, the assets they handle and environments they work in,” it says.
Image: Harland Quarrington/MoD, Open Government Licence v1.0 through Wikimedia