Local Digital Cyber

Improving cyber health and resilience in local government

The Local Digital Declaration includes a commitment to the continuous improvement of cyber security practice, to support the security, resilience and integrity of our digital services and systems.

In the Autumn 2021 Budget, Local Digital was awarded £37.8 million of additional funding to tackle cyber security challenges facing councils and invest in local authority cyber resilience, protecting vital services and data.

As part of this, the Local Digital Cyber team is conducting two programmes of work with local authorities—Cyber Support and Cyber Assessment—to reduce the incidence and impact of cyber attacks, and support sustainable cyber risk management.

Follow our progress

Subscribe to the Local Digital newsletter to receive updates on our progress, plus news and events relevant to those working in and around local government cyber security. We also share regular updates on the DLUHC Digital Blog, on Twitter and on LinkedIn.

Current work

Cyber Assessment Framework (formerly Cyber Health)

This programme aims to support councils in England to better assess their cyber posture, in line with the ambitions set out in the Government Cyber Security Strategy.

In September 2022, Local Digital kicked off a pilot with 10 councils to explore how the NCSC’s Cyber Assessment Framework (CAF) could be used to help assess and manage cyber risks across local government in England.

The first phase of the pilot is now complete, and we have published a blog post to share what we’ve learned so far and what we plan to do next. We are also preparing a report on this phase of the pilot, which we aim to make available on this page in early 2023.

Cyber Support

Since 2020, the Cyber Support programme has worked with the Cabinet Office to support local authorities to address serious cyber security vulnerabilities. A total of 186 councils have received technical remediation and support to date, and DLUHC has provided over £19 million to carry out this vital work.

The support was prioritised according to need, based on the responses to the DLUHC Cyber Security Survey on Mitigating Malware and Ransomware.

The support includes:

  • bespoke technical remediation plans agreed with each council in the cohort
  • ensuring councils have effective backups in place – significantly reducing potential disruption in the event of ransomware attack
  • funded cyber security consultancy to support the work outlined in remediation plans
  • regular network scanning to track progress and identify emerging vulnerabilities
  • common guidance, tools and documentation for the benefit of the sector at large
  • regular clinics and events to share learning and build capability

While the cyber support programme is now coming to an end, we’ll continue to work through the remediation plans with the councils that are already enrolled and focus on how we can support all councils through the Cyber Assessment Framework.

Previous work

May 2020

The team completes a cyber security pre-discovery. Read the key findings from the pre-discovery in this blog post or read the pre-discovery report (PDF).

July 2020

The team completes a more in-depth discovery phase. 

The main findings from the discovery were that:

  • there are many cyber standards, but no clear baseline
  • an effective cyber baseline must encompass culture, leadership and ‘cyber first’ processes
  • leadership support is vital to embed standards and best practices across the organisation
  • leaders need to understand cyber risk to inform their decisions
  • legacy technology is a critical blocker to achieving cyber health
  • there is an opportunity for councils to collaborate in order to achieve greater security

Read the key findings from the discovery phase.

March 2021

The team completes two alpha projects to support local authorities to reduce the incidence and impact of cyber attacks, and support sustainable cyber health:

  1. The Cyber Health project explored the development of a tool and framework to support local authorities to achieve a recommended level of cyber health. Read more about the Cyber Health alpha project.
  2. The Cyber Support project provided expertise and support to identify issues and gaps in local authority cyber security. The team provided guidance, tools and good practice, and helped councils to develop a roadmap for cyber enhancement. Read more about the Cyber Support alpha project.

September 2022

Local Digital kicks off a pilot with 10 councils to explore how the NCSC’s Cyber Assessment Framework (CAF) could be used to help assess and manage cyber risks across local government in England. Read more about the launch of the CAF pilot.

December 2022

The first phase of the CAF pilot is now complete – find out what we’ve learned so far and what we plan to do next.

To learn more about the pilot, hear key findings and insights, and listen to members of the pilot council cohort share their experience, register for the virtual event on 25 January 2023.