28.04.16
Councils must prepare cyber security strategies in face of growing attack threats
Hackers will be increasingly likely to target local government, who needs to be involved in preparing national cyber security strategies, Socitm has warned in a new policy briefing.
The briefing says that although local government has not been a target for large-scale cyber-attacks so far, the risks are changing and growing as local government becomes increasingly important in delivery of public services, more data is shared between councils and the ‘Internet of Things’, in which everyday objects have internet connectivity, becomes a reality.
Local government must play an active role in tackling this, including being involved in the new National Cyber Security Centre and in developing the National Cyber Security Strategy.
Socitm said this was necessary because “a national cyber-attack could be initiated locally, or local services could be penetrated and crippled, requiring a national response”.
They added that there is already a good baseline for cyber security in local government, with accreditation systems for public services network, payment card industry and related technology and data handling requirements, and professional advice being sought by local authorities.
The number of UK Local Resilience Forums who are bringing together councils and Local Enterprise Partnerships (LEPs) to consider the threat of cyber-attacks to local business development is also growing.
However, Socitm found that these organisations are failing to work together in order to adopt common standards and accountability.
For example, only half of local authorities belong to the government-founded Cyber Security Information Sharing Partnership.
The briefing adds: “Cyber resilience is generally seen as an ‘IT security’ matter in local government, not often treated as a major business and service threat, with top executive and political ownership. This needs to change.”
Socitm, who recently appointed Geoff Connell as their new president and Nicola Graham as their new vice president, said that local and national government should develop a symbiotic relationship in tackling cyber threats.
As part of this, local government should be given a specific remit for cyber resilience, with both executive and political accountability and including local risk assessment, audit, testing, awareness, public engagement, training and information sharing.
They also warn that, although funding for preventing cyber-attacks would not cost much, there has been a lack of funding since the Local e-Government programme finished in 2005.