The LGA has developed a series of blueprints to support councils to review and establish their strategic and operational approach to managing their cyber defences and bolstering their resilience plans in the event of a cyber-attack.
With the cyber threat landscape rapidly evolving, it is more important than ever that councils have robust strategies and plans in place to detect and respond to cyber-attacks.
The series contains blueprints to help councils plan their approach to managing and protecting against cyber threats and integrate cyber resilience planning to ensure councils can continue to deliver critical services to their communities in the event of a cyber incident.
Blueprints within this series
- Cyber security strategy
- Business continuity plan
- Disaster recovery plan
The LGA has developed a series of blueprints to support councils in England with cyber defence and resilience. They bring together a set of essential points to consider in managing, detecting, defending against and minimising the impact of cyber incidents. Each blueprint has been produced in line with the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework.
With the cyber threat landscape rapidly evolving, it is more important than ever that councils have robust strategies and plans in place to detect and respond to cyber-attacks. Our blueprints are intended to help councils with managing, and protecting against, cyber threats. We encourage councils to embed cyber resilience planning at strategic and operational levels to ensure the continuous delivery of critical services if and when a cyber incident occurs.
Cyber security strategy blueprint
It is not possible to completely eliminate the risk of a cyber incident. However, councils should take steps to maximise defences and minimise vulnerabilities in a way that is proportionate to the risks faced by the authority across all its services and departments. Developing a cyber security strategy is an important step in doing this.
This blueprint outlines the key things to consider when writing or updating a cyber security strategy. It sets out an approach to protecting services and assets which enable councils to continue delivering critical services for the benefit of local communities.
It is recommended that the blueprint is read in conjunction with our Cyber 360 Framework. This is a resource which supports councils to develop their security and resilience capabilities and knowledge in line with existing good practice, advice, and standards.
Business continuity plan (BCP) blueprint
There is no single method for developing a corporate BCP. This blueprint is best used as a starting point for developing a comprehensive corporate BCP based on acknowledged good practice in the local government sector. This blueprint offers advice, but this should not be taken as assurance of the end goals, or the means in achieving them.
This blueprint is aimed at Strategic (Gold) and Tactical (Silver) levels of command in councils in England. We have developed this guidance to support corporate business continuity planning and to provide incident response guidance. We suggest using this blueprint when:
- Considering how to write or update a plan.
- Starting conversations with colleagues involved in implementing the Plan.
- Collecting the information needed to support the development of an effective plan.
Disaster recovery plan blueprint
This Blueprint is aimed at ICT professionals working in councils in England. We suggest using it to facilitate dialogue with colleagues to ensure a joined-up and well-understood approach to cyber planning and disaster recovery implementation measures. This Blueprint is aimed at ICT professionals working in councils in England. We suggest using it to facilitate dialogue with colleagues to ensure a joined-up and well-understood approach to cyber planning and DR implementation measures.
We recognise that councils face different challenges and operate within diverse environments. The blueprints are therefore only intended to provide general guidelines and principles that councils can reference to help them develop their cyber strategies and resilience plans whilst tailoring these to their local context. If you would like to arrange a conversation with the LGA team, please email [email protected]