Mr Viral
Maksim Kabakou – stock.adobe.com
Local government bodies are being invited to take advantage of a new NCSC-derived Cyber Assessment Framework to help enhance their resilience and ward off cyber attacks
By
Alex Scroxton,
Security Editor
Published: 10 Oct 2024 16:55
The Ministry of Housing, Communities and Local Government (MHCLG) has launched a Cyber Assessment Framework (CAF) for local government bodies, drawing on the National Cyber Security Centre’s (NCSC’s) existing CAF to offer tailored guidance and support to local authorities up and down the UK.
MHCLG said the new framework would set a clear cyber security standard for the sector, which experiences its fair share of cyber attacks in common with other public sector bodies. Historic attacks on local authorities, such as the Pysa ransomware hit on Hackney Council in October 2020, disrupt important local services – in Hackney’s case housing – impact residents’ daily lives, and can lead to significant costs and regulatory repercussions.
Ultimately, the enhanced CAF will enable local government bodies to assess and correct issues affecting their resilience to cyber attacks. Its core steps include identifying the critical systems relied upon within the organisation, completing self-assessments of the organisation and these systems, conducting an independent assurance review, and developing improvement and implementation plans to address vulnerabilities that could one day serve as entry points for threat actors.
Ben Cheetham, deputy director of digital at MHCLG, said the launch of the CAF represented a new focus for the department in terms of security.
“To date, MHCLG’s cyber support for councils has focused on remediating serious vulnerabilities to help improve the sector’s resilience to malware and ransomware,” he said.
“With the evolving cyber threat, it is now time to turn our attention to how we support councils to strengthen their cyber resilience for years to come.
“The CAF for local government helps organisations assess and improve their cyber security through a risk-based and holistic approach. This requires collaboration across the organisation, breaking down perceptions that cyber security is purely an IT issue,” continued Cheetham.
“This is a step-change that’s needed to protect important local government services in an ever-changing threat landscape. I would like to thank all the local authorities that have helped pilot the CAF for local government over the past couple of years and worked with us to ensure that it will be a success,” he added.
The initial two stages of the CAF – identifying systems and conducting self-assessments – are already available, with the other phases to be rolled out over the coming months as MHCLG’s local digital team works with feedback from pilots. The department said the full service is expected to become available in spring 2025.
MHCLG stressed that undertaking the framework was voluntary and could be completed in tandem with other standards, such as the NCSC’s Cyber Essentials scheme.
Read more on Regulatory compliance and standard requirements
Sellafield local authority slammed over response to North Korean ransomware attack
By: Tommy Greene
Neighbouring Kent councils hit by simultaneous cyber attacks
By: Alex Scroxton
New GovAssure cyber regime launches across UK government
By: Alex Scroxton
Assessing the aims of the Government Cyber Security Strategy
GIPHY App Key not set. Please check settings