Government crest Department for Levelling Up, Housing and Communities

Go to Local Digital homepageALPHA

Laying the foundations for the local public services of the future

Local Digital Cyber

Improving cyber health and resilience in local government

The Local Digital Declaration includes a commitment to the continuous improvement of cyber security practice, to support the security, resilience and integrity of our digital services and systems.

In the Autumn 2021 Budget, Local Digital was awarded £37.8 million of additional funding to tackle cyber security challenges facing councils and invest in local authority cyber resilience, protecting vital services and data.

As part of this, the Local Digital Cyber team is conducting two programmes of work with local authorities—Cyber Support and Cyber Assessment—to reduce the incidence and impact of cyber attacks, and support sustainable cyber risk management.

Follow our progress

Subscribe to the Local Digital newsletter to receive updates on our progress, plus news and events relevant to those working in and around local government cyber security. We also share regular updates on the DLUHC Digital Blog, on Twitter and on LinkedIn.

Current work

Cyber Assessment Framework (formerly Cyber Health)

Local Digital is supporting councils in England to assess and improve their cyber posture, in line with the ambitions set out in the Government Cyber Security Strategy 2022-2030.

In late 2022 we conducted a 4-month pilot with 10 councils in England to explore how the NCSC’s Cyber Assessment Framework (CAF) could be used to identify and manage cyber risks across the sector.

We have now published a report on the pilot, which outlines what we’ve learned so far, what we plan to do next, and how to request a copy of the CAF for Local Government.

To read more about the pilot and download the report, visit the CAF for Local Government page.

Cyber Support

Since 2020, the Cyber Support programme has worked with the Cabinet Office to support local authorities to address serious cyber security vulnerabilities. A total of 186 councils have received technical remediation and support to date, and DLUHC has provided over £19 million to carry out this vital work.

The support was prioritised according to need, based on the responses to the DLUHC Cyber Security Survey on Mitigating Malware and Ransomware.

The support includes:

  • bespoke technical remediation plans agreed with each council in the cohort
  • ensuring councils have effective backups in place – significantly reducing potential disruption in the event of ransomware attack
  • funded cyber security consultancy to support the work outlined in remediation plans
  • regular network scanning to track progress and identify emerging vulnerabilities
  • common guidance, tools and documentation for the benefit of the sector at large
  • regular clinics and events to share learning and build capability

While the cyber support programme is now coming to an end, we’ll continue to work through the remediation plans with the councils that are already enrolled and focus on how we can support all councils through the Cyber Assessment Framework.

How we're measuring the impact of our Cyber programme

To understand the impact of our work with councils to improve cyber security practices, we have commissioned an independent evaluation of the Local Digital Cyber programme.

To do this, we’ll be working with a sample of councils both within and outside the programme to update their scores to the Mitigating Malware and Ransomware survey that they previously completed, to see how their results might have changed over time and understand the impact of remediation work carried out as part of this programme.

As we begin to introduce the Cyber Assessment Framework, we’ll be working closely with cyber teams to understand the impact to councils adopting the CAF and how we can iterate and improve our approach over time.

Learn more about the evaluation study

Previous work

May 2020

The team completes a cyber security pre-discovery. Read the key findings from the pre-discovery in this blog post or read the pre-discovery report (PDF).

July 2020

The team completes a more in-depth discovery phase. 

The main findings from the discovery were that:

  • there are many cyber standards, but no clear baseline
  • an effective cyber baseline must encompass culture, leadership and ‘cyber first’ processes
  • leadership support is vital to embed standards and best practices across the organisation
  • leaders need to understand cyber risk to inform their decisions
  • legacy technology is a critical blocker to achieving cyber health
  • there is an opportunity for councils to collaborate in order to achieve greater security

Read the key findings from the discovery phase.

March 2021

The team completes two alpha projects to support local authorities to reduce the incidence and impact of cyber attacks, and support sustainable cyber health:

  1. The Cyber Health project explored the development of a tool and framework to support local authorities to achieve a recommended level of cyber health. Read more about the Cyber Health alpha project.
  2. The Cyber Support project provided expertise and support to identify issues and gaps in local authority cyber security. The team provided guidance, tools and good practice, and helped councils to develop a roadmap for cyber enhancement. Read more about the Cyber Support alpha project.

September 2022

Local Digital kicks off a pilot with 10 councils to explore how the NCSC’s Cyber Assessment Framework (CAF) could be used to help assess and manage cyber risks across local government in England. Read more about the launch of the CAF pilot.

December 2022

The first phase of the CAF for Local Government pilot is now complete – find out what we’ve learned so far and what we plan to do next.

To learn more about the pilot, hear key findings and insights, and listen to members of the pilot council cohort share their experience, register for the virtual event on 25 January 2023.

March 2023

The report from the CAF for Local Government pilot is released on Wednesday 15 March.

In the report, you can read about:

  • how we conducted the pilot
  • what we’ve learned so far
  • what we plan to do during the next phase of this work