Local Digital Cyber

Improving cyber health and resilience in local government

The DLUHC Local Digital team is working to reduce the incidence and impact of cyber attacks, and support sustainable cyber risk management. This is part of our commitment to the continuous improvement of cyber security practice.

On this page you can read about our current programmes – Cyber Support and the Cyber Assessment Framework – as well as past cyber work.

Current cyber work

Cyber Assessment Framework (CAF)

Local Digital is supporting councils in England to assess and improve their cyber posture in line with the aims of the Government Cyber Security Strategy.

We’re exploring how the Cyber Assessment Framework (CAF) devised by the National Cyber Security Centre (NCSC) could be used across the sector in England to help drive cyber resilience.

To learn more about this programme, visit the Cyber Assessment Framework webpage.
 

Cyber Support

Since 2020, the Cyber Support programme has worked with the Cabinet Office to support local authorities to address serious cyber security vulnerabilities. DLUHC has provided £19.9 million in grant funding to carry out this work.

The support was prioritised according to need, based on the responses to the DLUHC Cyber Security Survey on Mitigating Malware and Ransomware.

The support included:

  • bespoke technical remediation plans agreed with each council in the cohort
  • ensuring councils have effective backups in place – significantly reducing potential disruption in the event of ransomware attack
  • regular network scanning to track progress and identify emerging vulnerabilities

While the cyber support programme is now coming to an end, we’ll continue to work through the remediation plans with the councils that are already enrolled and focus on how we can support all councils through the Cyber Assessment Framework.

Follow our progress

Subscribe to the Local Digital newsletter to receive regular updates on our cyber work, plus news and events relevant to those working in and around local government cyber security.

Previous cyber work

May 2020

The team completes a cyber security pre-discovery. Read the key findings from the pre-discovery in this blog post or read the pre-discovery report (PDF).

July 2020

The team completes a more in-depth discovery phase. 

The main findings from the discovery were that:

  • there are many cyber standards, but no clear baseline
  • an effective cyber baseline must encompass culture, leadership and ‘cyber first’ processes
  • leadership support is vital to embed standards and best practices across the organisation
  • leaders need to understand cyber risk to inform their decisions
  • legacy technology is a critical blocker to achieving cyber health
  • there is an opportunity for councils to collaborate in order to achieve greater security

Read the key findings from the discovery phase.

March 2021

The team completes two alpha projects to support local authorities to reduce the incidence and impact of cyber attacks, and support sustainable cyber health:

  1. The Cyber Health project explored the development of a tool and framework to support local authorities to achieve a recommended level of cyber health. Read more about the Cyber Health alpha project.
  2. The Cyber Support project provided expertise and support to identify issues and gaps in local authority cyber security. The team provided guidance, tools and good practice, and helped councils to develop a roadmap for cyber enhancement. Read more about the Cyber Support alpha project.

October 2021

In the Autumn 2021 Budget, Local Digital is awarded £37.8 million of additional funding to tackle cyber security challenges facing councils and invest in local authority cyber resilience, protecting vital services and data.

September 2022

Local Digital launch a pilot with 10 councils to explore how the NCSC’s Cyber Assessment Framework (CAF) could be used to help assess and manage cyber risks across local government in England. Read more about the launch of the CAF pilot.

December 2022

Local Digital complete the first phase of the CAF pilot. In a blog post on DLUHC Digital, we shared what we’ve learned so far and what we plan to do next.

March 2023

The report from the CAF for Local Government pilot is released on Wednesday 15 March.

In the report, you can read about:

  • how we conducted the pilot
  • what we’ve learned so far
  • what we plan to do during the next phase of this work

May 2023

Local Digital launch the pilot of the Future Councils programme. Through the pilot, DLUHC is funding 8 councils to make digital and cyber improvements across their organisations, reform key services, and influence organisation-wide factors that can unblock change.

The 8 pilot councils will be expected to assess themselves against the CAF. Through the CAF assessment, we aim to help councils identify improvements that will result in more cyber secure, resilient public services.

How we're measuring the impact of our Cyber programme

To understand the impact of our work with councils to improve cyber security practices, we have commissioned an independent evaluation of the Local Digital Cyber programme.

To do this, we’ll be working with a sample of councils both within and outside the programme to update their scores to the Mitigating Malware and Ransomware survey that they previously completed, to see how their results might have changed over time and understand the impact of remediation work carried out as part of this programme.

As we begin to introduce the Cyber Assessment Framework, we’ll be working closely with cyber teams to understand the impact to councils adopting the CAF and how we can iterate and improve our approach over time.

Learn more about the evaluation study.

Learn more