Challenges
- Close work with the Local Government Association (LGA) and the Ministry of Housing, Communities and Local Government (MHCLG) Cyber teams has identified the need for a clear cyber security strategy for continuous improvement.
- The significant increase in the volume of cyberattacks seen against UK government and educational establishments over the past few years.
- 40% of all incidents managed by the National Cyber Security Centre (NCSC) between September 2020 and August 2021 had some level of impact on the public sector in the UK.
- For the 12-month period of 2022 the NCSC estimated that, across all UK businesses, there were approximately 2.39 million instances of cyber-crime and approximately 49,000 instances of fraud because of cyber-crime.
Approach
The strategy will mirror the 2023 – 2030 UK government cyber security strategy, adapted to reflect our local context.
Vision
To ensure that the delivery of local government services on the Isle of Wight is resilient to cyber attack and underpins the strengthening of the UK as a sovereign nation, cementing its authority as a democratic and responsible cyber power.
Aim
For the Isle of Wight Council to meet the central government target to be significantly hardened to cyber attack by 2025 and to be resilient to known vulnerabilities and attack methods no later than 2030.
Outcomes and benefits
The five underpinning objectives of the central government’s cyber security strategy set out what public bodies must consider in securing cyber resilience. This strategy will map out the Isle of Wight Council’s approach to each of these objectives.
- Manage cyber security risk: To establish effective cyber security risk management processes, governance and accountability that enable the identification, assessment, and management of cyber security risks.
- Protect against cyber attack: Adopting proportionate security measures informed by understanding risk and mitigating risks where feasible through centrally developed security measures that give protection at scale.
- Detect cyber security events: Undertaking comprehensive monitoring of systems, networks and services to enable cyber security events to be managed before they become incidents.
- Minimise the impact of cyber security incidents: Ensuring that cyber security incidents are swiftly contained and assessed, enabling rapid response at scale.
View original case study article at iow.moderngov.co.uk [PDF]