The National Cyber Security Centre (NCSC) can apply good practices to increase cybersecurity in the sector.
FREMONT, CA: In an era of cyber threats, resilient public services point to a range of prevailing vulnerabilities while recognizing the gains achieved in recent years. The report's target is the cybersecurity framework in the public sector, which is complex, with several conflicting remits, and suffers from vague guidelines for local entities due to which they have to deal with any attacks.
It shows the impact of the Wannacry ransomware attack in 2017 on the NHS and another in the same year on Copeland Council. The study's relevance has increased as it was released at the time of a cyber assault on Hackney Council. As a result, it proposes a range of measures to improve the cyberinfrastructure for the NCSC.
The first one is an audit of current warning advice reporting points (WARPs), in which public sector practitioners share cyber threat knowledge to determine the best procedures and activities that could be expanded nationally. It should be part of an evaluation of the required funding.
The second point is that the NCSC should improve the ability and mandate for those in the public sector to manage confidential information to engage in its training courses.
Thirdly, government agencies should define positions that need any cybersecurity training and change the job requirements accordingly. Applicants with credentials should earn preference and have career paths in place for specific work.
The new National Cyber Security Plan, planned for later this year, should also be considered, including an audition by local public sector agencies to verify their commitment to national standards. Finally, to support procurement, the NCSC could work on a kitemark for cyber-secure products.
Lack of skills and co-ordination
These represent critical themes of the study, including the lack of appropriate expertise, the local-national gap in information sharing and communication, the absence of a local government cybersecurity central coordinating body, and the requirement for right technology in the sector.
The digitization of public services in the UK has been accelerated by Covid-19, which, although promising, presents an increased cyber risk. The utilization of remote working equipment and multi-agency practice has also been accelerated, potentially exposing the public sector to further vulnerabilities.