Guest blog:#CounciloftheFuture must be resilient against Cyber threats

The council of the future must prepare itself for the likelihood that a cyber-attack will occur: a case of ‘when not if’. Councils are already well rehearsed in responding to traditional risks like fires, floods and extreme weather conditions, as well as responding to crises like mass market or provider failure or terrorist incidents.

The new landscape of industrialised cyber threat, however, poses a new challenge. Whilst there is much good practice to take note of, it won’t be good enough to simply have the basic technologies in place to try to prevent an attack, and to leave this to the IT team to manage. A modern organisation will need to embed awareness of cyber security across the organisation, to ensure all staff understand basic cyber hygiene and know to spot the risks. And there will need to be preparedness, across the organisation, to respond and to recover from a major cyber incident when it occurs.

Does the organisation know how to cope without access to its IT systems? Without being able to communicate by email? And do colleagues know how to minimise the damage of an attack, and which systems to restore first? Are files and systems routinely backed up and tested?

Cyber preparedness goes beyond good practice around data handling and sharing. The changes brought by the age of GDPR are important and timely, but they are not in themselves sufficient if an organisation is hit by a DDoS attack, or aggressive ransomware. The LGA has collected some case studies from councils who have already experienced such scenarios. A cyber incident can disrupt the running of essential services, as well as risking reputational damage for a council.

When even large scale, household name companies – like Amazon or Google – are experiencing attack, we know the threat is real.

Though no council was directly hit, the WannaCry attack which affected NHS systems in 2017, provided a stark illustration of the kind of impact a major cyber incident can have on the public sector. The cost to the public purse is estimated at £92m. Hundreds of patients’ lives were affected.

As a sector, those with criminal or hostile intent will continue to try to breach our security to steal the data we hold and/or damage our systems. The ability and complexity of attacks is increasing, and therefore so too are the measures we must take to remain resilient against them. This threat cannot be eliminated completely, but the risk can be greatly reduced to a level that allows us to continue to benefit from the huge opportunities that digital technology offers to public services. Mature cyber resilience can be a business enabler not a blocker.

It is this context that, funded by the National Cyber Security Programme, the LGA has launched a programme of support for councils in England; working to improve the cyber resilience of our sector. As a first phase, we took stock of what councils were already doing in terms of their cyber security, and are now using this information to plan a programme of support for the sector, including an opportunity for councils to bid for funding or peer support, both individually and in partnership, to improve their cyber resilience.

This programme provides a real opportunity to work with the sector to ensure the council of the future is ready and resilient

Share this

FROM SOCIAL MEDIA

A full list of our recent events is here: https://t.co/0R30jnHjDG A big thanks to everyone who helped us along th… https://t.co/zGzO3wANtM
And we entered the festive season with a discussion about the Government’s new Vision for Digital Health and Care w… https://t.co/5ZWpHJHW3I
And as the nights closed in, we launched #Manifesto4Matt with 250+ people at our Industry Dinner. @MattHancock welc… https://t.co/c9WPSsGtNo
We began November with a Supplier Development Day to help companies to get on to @NHSEngland 's HSS Framework. 62 c… https://t.co/X1sCp8FbYZ
In October we headed to Liverpool to explore just how much 5G could transform the health and social care sector to… https://t.co/3WXKUkScmX
At the start of Sept we decamped to Manchester for @ExpoNHS and hosted two insightful discussions with… https://t.co/sbOD1ImvBt
In August we hosted 6x GPIT Futures webinars with @NHSDigital ... and at the end of the month co-hosted a fascinati… https://t.co/9aXgmRtJgv
In July some quick-footed players took a break from the World Cup to display their agility and skills at an interac… https://t.co/bglCKYBpB5
In June we were joined by @NHSDigAcademy CEO @ukpenguin Rachel Dunscombe and @NHSCCIO to set out concrete steps on… https://t.co/hhkA5km1Ea
We kicked off May with @TJamesHawkins @NChishick @JamesTnorman leading our @NHSDigitalbriefings; and enjoyed pizza… https://t.co/ltam2iTXvh