By SA Mathieson, editor of Socitm In Our View magazine
Socitm members should increase their engagement with Warp security groups, according to speakers at the Local Public Service CIO Council (LCIOC) on 28th June.
During a discussion on cyber security, held at the Connected Local Government Live event* in Birmingham, council members recommended that each local authority’s IT security staff should be engaged with a warning, advice and reporting point group to share experiences. This was particularly important given the Wannacry ransomware attack on the NHS in May and a new wave of cyber attacks hitting organisations worldwide as the meeting took place.
Socitm is a founding member of the Local Government Cybersecurity Stakeholder Group, which also involves the Local Government Association, Solace, Adass and the National Cyber Security Centre. The group’s most recent meeting discussed how to improve responses to incidents, with building regional capacity seen as one way to achieve this.
LCIOC members discussed whether councils should disconnect links to the NHS when its organisations are hit by a cyber attack such as Wannacry. Socitm will publish updated advice on this shortly.
The meeting heard that there were three things that Socitm members should do immediately to improve security:
- Block traffic from high-risk countries;
- Use the government’s free public sector domain name system (DNS) service which blocks users from accessing domains used for malware;
- Introduce domain-based message authentication, reporting and conformance (D-Marc), an email authentication system that protects users from fraudulent email.
LCIOC members also received an update on NHS Digital’s replacement of the N3 network with Health and Social Care Network services, discussed the difficulty of interoperability standards for ‘smart’ internet of things hardware and heard about opportunities for improved working with the Crown Commercial Service.
* Socitm Insight will publish a fuller account of the LCIOC meeting for members later this month, this will be available in the publications section of the website to Socitm Insight Subscribers.
NSCS information on Warps: https://www.ncsc.gov.uk/articles/what-warp
Socitm blog post on security for Solace: http://www.solace.org.uk/knowledge/articles/2017-06-23-cybersecurity-fight-needs-everyone-to-volunteer/
UK public sector DNS service: https://www.ncsc.gov.uk/news/uk-public-sector-dns-service