The National Cyber Security Centre has committed to improving collaboration with councils and producing better guidance for local government.
Alison Whitney speaking at the Socitm annual conference in Milton Keynes yesterday – Photo credit: Rebecca Hill
Alison Whitney, the deputy director of digital services at the NCSC, yesterday acknowledged that until now cyber security work the government’s work on cyber security has focused on central government.
Addressing the Socitm annual conference for local government digital leaders in Milton Keynes, Whitney said that guidance was often written with Whitehall in mind and was not always accessible for other parts of government.
However, she said that the new centre – which was officially opened at the start of the month and aims to bring all aspects of government cyber security together – was trying to address this.
Whitney said that it was “really important” that the NCSC understands what local government needs, and that work was already being done to identify the pinch points for councils.
She said that the initial challenge was deciding where to start, noting that the NCSC had limited resources for the work and that it would not have been possible to develop one-to-one relationships with each local authority.
“We needed to look at how to maximise the impact we could have,” she said.
After a period of consultation and discussion, Whitney said the centre had decided to focus its work on local government associations, such as Socitm, the Society for Local Authority Chief Executives and the Local Government Association.
The centre’s staff – most of whom have been drawn from other government agencies – have also held a number of regional briefings over the past year with the Department for Communities and Local Government.
Whitney said this had helped the NCSC understand more about where it can improve its offering for local government.
Work will include further regional briefings with DCLG, more work with a major focus being on the guidance the centre will offer on cyber security.
“[Existing] guidance was nearly always written with central government in mind,” Whitney said. “We are trying to make it less obviously focused on central government users and offer more case studies about local government and other sectors.”
For instance, she said, they had this week published guidance on ransomware – a subject they “probably wouldn’t have touched” previously – because it has such a big effect on local government and the healthcare service.
“We went through and reviewed guidance to make it user agnostic,” Whitney said. “IT is IT is IT; in many instances, it doesn’t matter who you are or what you’re doing.”
Her comments are likely to go some way towards allaying concern that the NCSC was not engaging with local government enough and could end up letting it be the “weak link” in public sector cyber security.
Indeed, participants generally welcomed the NCSC’s efforts to engage with local government – especially on providing more relevant guidance – to date.
Whitney agreed, though, that more work was needed. “We realise we’ve only skimmed the surface of [understanding the problems local government faces], and need to do some further deep dives,” she said.