Our Cyber, Digital and Technology programme publishes resources and guidance, provides policy representation, delivers incident response support and convenes networks to support the secure digitalisation of local government.
Digital tools will continue to play an important role in driving forward efficient service delivery against increasing demand on services and shrinking budgets. This creates a need to support local government and its services to be as secure as possible, and to ensure that residents and communities can use local government digital services with confidence and trust their information is safe. Our Cyber, Digital and Technology programme has helped to meet that need by developing resources and guidance, providing policy representation, delivering incident response support and convening networks to support the secure digitalisation of local government.
During 2022/23, the programme:
- provided funding to two thirds of councils to develop officers in technical cyber security skills, improving the cyber posture, standards and knowledge of the local government workforce
- convened 32 network meetings, bringing together more than 300 sector representatives, to strengthen the collective voice of local government cyber, digital and technology professionals, on a national stage
- delivered LGA Cyber 360s at 16 councils, and reaction exercises at seven councils, improving organisation-wide culture of cyber resilience and business continuity
- launched a cyber, digital and technology e-bulletin shared with over 1,000 subscribers
- submitted three consultation responses to Government on identity verification, ransomware and software resilience, and published four policy briefs on national cyber, digital and technology policy issues
- worked with Socitm and Solace to develop our 12 digitalisation outcomes, and published our Digitalisation Almanac with PUBLIC to showcase key guidance, best practice and sector specific information relating to each outcome.
Case study – Barnsley Cyber 360: value for money
Why did you decide to participate in a Cyber 360?
We were keen to take up the opportunity to get feedback on our cyber security strategy, plans, and checks and balances. We hoped that the Cyber 360 could provide some assurance on Barnsley council’s plans, while also acknowledging that cyber strategies and plans would need to be constantly updated to keep up with the changing threat landscape. We felt that it would be especially beneficial to get an external perspective from officers working in different organisations, including councils. We hoped that we’d receive advice, support, and fresh ideas, as well as an outside view on whether we were on the right track.
Was taking part in the Cyber 360 a valuable experience for the council?
Yes. Taking part in a Cyber 360 helped to 'open the door' for the council’s cyber security programmes, and significantly raised awareness of cyber security across the council. It really helped us – via the LGA – to articulate the challenges that we were facing to an internal audience. The messages in the report hit home for our non-technical staff. The 360 process helped us to reflect that we’d had a perception that the IT team could 'fix' any cyber issues, that any incidents would impact for at most a few days. Participating in the process helped to highlight that this is not the case. Since then, engagement in cyber security has exploded across the council. Our head of compliance now regularly presents at senior management team meetings – including presenting the Cyber 360 report. The Cyber 360 has helped to get cyber issues to the top table of elected members as well as management. Prior to the Cyber 360, we already delivered briefings on phishing to elected members, and provided as much advice and guidance as possible, but the 360 has helped with this. The audit committee also saw the 360 report and were able to provide check and challenge from their member perspective.
Did the time spent on the Cyber 360 provide good value for money for the council?
Yes. Participating in the Cyber 360 has generated a lot of work, which has cost the council money, but we see this as an investment. Previously, the council has engaged consultants to support us in a variety of work areas. Participating in the Cyber 360 meant that we did not have to do this for cyber security. The Cyber 360 helped to demonstrate to us that we are doing a good job with a small team. This has helped to avoid a costly transformation exercise. It has also helped us to strategise, as we are currently drafting a new cyber security strategy. This will be hugely informed by the Cyber 360, including the principle that cyber security is led by the whole organisation with support from the IT team.
Around the same time as the Cyber 360, Barnsley Council received around £100,000 of funding from the Department for Levelling up, Housing and Communities, to support our cyber security work. We had started work to understand the gaps in our approach, but the Cyber 360 helped to inform the “shopping list” for this funding. We are now progressing several technical solutions as well as improving our suite of policies and team capacity. As well as the Cyber 360, we also participated in the LGA’s business continuity exercise. This has had a significant impact on awareness of cyber security risks across the council. Senior colleagues are now actively considering how to maintain service provision if the council is hit by a cyber attack and has no IT provision. We always wanted to carry out more exercises of cyber attack scenarios. The LGA’s exercise as well as the Cyber 360 has helped to build an appetite for this and emphasise the importance of it.
Since participating in the Cyber 360, the council’s IT team has been kept extremely busy supporting departments with projects that have arisen from the 360 recommendations, and with hosting workshops. We recently carried out a similar emergency resilience exercise with 40 heads of service and the chief executive, which was very well-received. Our IT team has also been invited to speak to the council’s scrutiny committee. This follows on from the recent LGA guidance for scrutiny committees on cyber security. The IT team is excited about this opportunity – the council has undergone many effective changes recently, and it can only be a good thing that this is highlighted to the scrutiny committee. Overall, it has been a very worthwhile process – well worth the time and effort. We got more than we expected out of it.