Jump to section
Challenges
- Increasing frequency and sophistication of cyber attacks targeting local government
- Need for improved cyber resilience, cyber strategies in local government organisations
- Sustainable management of cyber risks in a rapidly evolving threat landscape
Approach
The team is implementing various cyber programmes to address these challenges:
2020
- In May 2020, completed a pre-discovery and then a discovery to investigate how MHCLG might support local authorities to reduce the incidence and impact of cyber attacks and support sustainable cyber health.
- A cyber health framework was identified as one of the main areas of opportunity to progress into an alpha project, to support council staff to navigate numerous and sometimes overlapping standards.
2021
- Completed two alpha projects to support local authorities to reduce the incidence and impact of cyber attacks, and support sustainable cyber health:
- The Cyber Health project explored the development of a tool and framework to support local authorities to achieve a recommended level of cyber health.
- The Cyber Support project provided expertise and support to identify issues and gaps in local authority cyber security.
- In the Autumn 2021 Budget, Local Digital was awarded £37.8 million of additional funding to tackle cyber security challenges facing councils and invest in local authority cyber resilience, protecting vital services and data.
2022
- The introduction of the Government Cyber Security Strategy in 2022 changed the team’s direction towards the NCSC’s Cyber Assessment Framework (CAF).
- Conducted a pilot with 10 councils in England to explore how the NCSC’s Cyber Assessment Framework (CAF) could be used to help assess and manage cyber risks across the sector.
2023
From May 2023 to February 2024, they carried out further testing of the CAF through the Future Councils pilot. This included testing documentation, guidance and templates to guide councils through a CAF assessment.
2024
In February, they kicked off an alpha project to develop the CAF service and conduct further testing with a cohort of 20 councils. Updates on the project will be shared on the CAF for local government webpage.
Outcomes and benefits
- Reduced incidence of successful cyber attacks on local government
- Minimized impact when attacks do occur
- Improved overall cyber health in local government organizations
- More sustainable and effective cyber risk management practices