Two key tools for cyber security

8 Mar 2016, 10:18 pm

DCLG deputy technology leader William Barker emphasises importance of 10 Steps documents and CiSP

Local authorities need to use the resources made available by central government to maintain their cyber resilience, according to the leader of the workstream for the Department of Communities and Local Government.

WilliamBarkerWilliam Barker (pictured), deputy technology leader (strategy, resilience and futures) at DCLG, told last week’s Local Digital Futures gathering that the two resources that cannot be ignored are the Cyber Security Information Sharing Partnership (CiSP) and the 10 Steps to Cyber Security series of documents.

He used the event to reiterate the importance of a preventative approach to cyber security, “being on the front foot to deal with what might happen”, and having quick access to any information that could help to deal with any attacks or emerging threats.

“We know that 80% of the basic cyber incidents impacting the public sector are rebuttable if people put in sensible patching,” he said. “It’s basic hygiene and housekeeping that can give you an edge.

“So we’ve been trying to give you an edge. About a year ago we worked with the security services put together a boiled down guide for the local public sector on what these issues look like where to go for help.”

Proactive approach

The 10 Steps guide can provide a route to the basic measures needed for the proactive approach. Barker pointed to the diagram on point six of the Executive Companion, for managing cyber risks within corporate governance, saying it could provide an effective starting point.

He advised: “Work out where you sit in your organisation, and try to link with people in other parts of the diagram and have a conversation around this book. Talk to those who matter, maybe the people who tell the chief, and start there for the conversation around cyber.”

CiSP is a joint industry government initiative to share information on cyber threats and vulnerabilities and increase overall awareness, but it can also be a source of support in responding to an emergecy.

Barker said it was a “life saver” for Lincolnshire County Council last month when it had to shut down its IT systems after a ransomware attack. “It made a difference for them to get advice quickly on how to deal with the issues,” he said.

“The most important thing of the whole piece is CiSP,” he said. “It’s the free online secure environment that can help you work with your peers on a response if you have an incident. If your local authority is not on there it should be.”