Agenda item

The Chairman invited Cllr Neil Prior and Jamie Cross, Adviser – Cyber Security, to introduce the update.

Neil said that cyber security was now more important than ever for councils as increasing amounts of their business were being conducted online. In addition, there had been several high-profile breaches in recent months. The LGA was well-placed to develop good practice in this area and members also had a duty to ensure their councils were prepared. He highlighted an article in the LGA First magazine which contained a list of questions for members to ask their officers on cyber security preparedness.

Jamie gave a presentation on the LGA’s cyber security programme and highlighted that the current 3-year funding package would come to an end in March 2021. The forthcoming Government Spending Review would hopefully provide clarity on future funding beyond March.

Jamie briefed members on the current testing project, which had been adapted to address cyber security issues arising from Covid. The project will work with 10% of councils, offering each an NCSC approved vulnerability test. He then outlined plans for future expansion of the programme, assuming continued funding.

Members would receive a further update in 2021 once the funding situation was clearer.

Following the introduction, Members raised the following points:

·       Is there a vulnerability for councils associated with their  their arms-length organisations? Jamie said that there was a big piece of work to do with councils’ procurement teams on this.

·       Were there any plans to have an article in First magazine about the recent security breaches? Jamie said that follow up guidance to Neil’s article could be issued.

·       Were any conversations taking place with other public sector bodies to share experiences? Jamie said that there is ongoing collaboration with partner organisations and it was important not to work in silos.

·       A request was made to share information and resources with council leaders, not just Chief Executives. Jamie agreed and said that it was important to engage councillors as widely as possible.

·       The issue of the impact of ransomware attacks on councils and their data was raised. Jamie said that this was a growing issue and the best way to counter it was for councils to make regular data back-ups which are segregated from the network and held  off-site.

·       It was suggested that council policies, for example around the requirement for complex passwords, could be counterproductive. Jamie agreed that policies needed to be user-friendly and designed with people in mind if they were to be complied with effectively.

·       The concept of ‘techno-diversity’ was felt to be important in fighting cyber-crime as it increased an organisation’s resilience.

·       How have councils progressed after the initial stocktake was carried out? Can we show that the LGA’s intervention has had a positive effect? Jamie said that whilst the stocktake was successful it was undertaken at a time when the threats were less complex. It was important to embed a culture of honest self-assessment amongst councils.

·       Most councils now encouraged residents to access services online – would this approach need to change if the cyber threats kept growing? Concern was also expressed that the NHS might be less willing to integrate services with councils if they felt that there was a weakness in council IT systems. Jamie reassured members that everything was being done to avoid these scenarios.

Decision:

Members of the Improvement & Innovation Board noted:

·       The progress of the programme to date.

·       The future of the programme.

Actions:

·       Jamie to share ‘questions to ask officers’ graphic and powerpoint presentation with members.