The impact of a cyber incident on a council can be devastating, as shown by the high-profile attacks on Hackney and Redcar and Cleveland councils in recent times. The financial costs of responding to an incident and subsequently rebuilding can be huge. Cyber-attacks can also threaten the delivery of critical services such as social care and the revenues that accumulate to drive innovation within communities.
Local Digital aim to work with local councils to address and manage the potential cyber risks that could debilitate regional government. Local Digital's research found support for many cyber standards, but no clear baseline for local government, which makes it difficult to prioritise the improvements that should be implemented while building a convincing business case for investment.
Local Digital have the ambition to establish the clear standards necessary to progress cyber resiliency for local authorities across England. These standards will be based around the established National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) and will guide councils to better understand their cyber posture.
About the Cyber Assessment Framework
The Government Cyber Security Strategy sets out an ambitious approach that will establish the core foundations of organisational cyber resilience across government. The NCSC's Cyber Assessment Framework will be adopted as a method of assessing cyber risks, while the CAF profiles guide organisations as to which outcomes they should be fully or partially achieving.
About the pilot project
A pilot project is now underway with a small cohort of councils. It is set to take place over the autumn period and will test a Local Government CAF Profile. This will be followed by an exploration of the benefits and challenges for councils of using it to assess their posture.
These pilot councils will assess their network with reference to the 39 CAF Outcomes and supporting Indicators of Good Practice, followed by a review of the process via one-to-one workshops with a DLUHC cyber assessor.
We will capture the experience and insights from each council and explore questions like:
- Will the same CAF Profile be appropriate for all councils in England?
- What guidance will councils need to complete it?
- Is a single assessment per council going to be useful and viable?
- What are the potential barriers and challenges to councils carrying out the assessment?
- What (if any) additional sector-specific Indicators or guidance would be beneficial for councils?
- Is the assessment a helpful way for councils to identify and prioritise cyber resilience actions? Why?
- How does the Local Government CAF align with existing frameworks used by councils?
What happens next?
The findings of this pilot scheme will be logged and assessed as it progresses, through the DLUHC Digital blog and online events. Upon completion of the pilot, the plan is to continue the roll-out of the CAF with councils across England, with continued iteration and development of the frameworks that support guidance on what reporting and assurance models for local government could look like.