In today’s world, organisations need to defend and protect against many cyber threats whilst remaining open to opportunities presented by new technology.
We have come to expect and want to access services – online and at a time to suit. New technologies such as driverless cars, telemedicine and IoT (internet of things) have created and continue to create great opportunities for the future.
With this increasing digital footprint, organisations need to ensure that their systems are cyber secure and resilient.
This is against a background, particularly noticeable in the last 12 months, of news of cyber-related attacks and incidents. Organisations are waking up to the fact that it is not ‘if’ but ‘when’ they will experience a cyber-related incident.
We set up the North West Warp about nine years ago. The Warp is a community service, designed to support organisations and involve those with lead responsibility for information security. It enables members to collaborate with peers and have access to timely information, guidance and expert advice.
The North West Warp has grown from seven to 40 organisations, with representatives from councils, NHS trusts, police, fire and rescue services and housing with numbers increasing each year. We have agreed ways of working, based on a trust model that we have developed: everyone in the Warp knows who everyone else is; participating organisations have named representatives who sign a non-disclosure agreement and meetings are run observing the Traffic Light Protocol system which sets out how members can use and share information.
This has created a trusted safe space for peers to seek advice and confidently discuss potentially sensitive topics. It is a solution that encourages collaboration and peer support, whether in meetings or online via the collaboration portal. It allows open and frank discussions where real help and support can be offered by others. It creates a forum where members can discuss hot topics, government policy and raise issues. We invite expert speakers and knowledge brokers from government and industry to share their expertise on hot topics.
In addition, members receive timely updates on threats and incidents. The benefit of this was evident during the WannaCry ransomware attack, as we were able to send out alerts quite early on to warn members who were able to take the necessary steps to safeguard their estate. We also take up issues on behalf of members, providing a collective voice when required, in response to policy and guidance.
The North West Warp has been around for almost a decade, but is now coming of age. The Ministry of Housing, Communities and Local Government is very keen for Warps to form part of the wider local public service resilience picture, and we are looking to see how we can engage with the business continuity, disaster recovery and local resilience communities, as they have skills that could be of real benefit to us in a serious cyber incident or attack.
We also want to increase membership, particularly from NHS organisations, having looked at the recommendations made in the report that followed WannaCry. We are strengthening links with other regional Warps which offers opportunities for even greater collaboration and knowledge sharing. For us, it is about developing the cyber security and resilience capabilities, at the grass roots.
Imagine the positive impact if every local authority, NHS organisation, police and fire and rescue service were involved in a regional Warp. Think of the opportunities for collaboration, knowledge-sharing and co-ordinated defence that we would have across the wider public sector.
Warps use a model based on trust: it’s about helping ourselves within the public sector to strengthen our own resilience and ability to respond should there be a cyber incident or attack.
This is based on Ajike Alli-Ameh’s talk at Socitm’s President’s Conference in Glasgow on 9 May 2018.
North West Warp: http://i-network.org.uk/services/warp/
Traffic Light Protocol: https://www.us-cert.gov/tlp