Local Digital Cyber

Improving cyber health and resilience in local government

The Local Digital Declaration includes a commitment to the continuous improvement of cyber security practice, to support the security, resilience and integrity of our digital services and systems.

In the Autumn 2021 Budget we were awarded £37.8 million of additional funding to tackle cyber security challenges facing councils and invest in local authority cyber resilience, protecting vital services and data.

As part of this, the Local Digital Cyber team is conducting two programmes of work with local authorities—Cyber Support and Cyber Health—to reduce the incidence and impact of cyber attacks, and support sustainable cyber health.

Current work

Cyber Health

The Cyber Health programme aims to support councils in England to better assess their cyber posture, in line with the ambitions set out in the Government Cyber Security Strategy.

In Autumn 2022, the Local Digital team will be working with councils to help establish a clear and comprehensive cyber resilience standard for local government in England.

We’re partnering with a small cohort of councils as part of a pilot project to explore how local authorities should use the National Cyber Security Centre’s Cyber Assessment Framework (CAF) to assess and improve their cyber resilience.

Read more about the CAF pilot in this blog post.
 

Cyber Support

Since 2020, we’ve worked with the Cabinet Office to support around 120 local authorities to address serious cyber security vulnerabilities and have provided over £13 million to carry out this vital work.

Our Cyber Support programme provides funding and expertise to help local authorities address cyber security vulnerabilities. This support is prioritised according to need, based on the responses to our DLUHC Cyber Security Survey on Mitigating Malware and Ransomware.

The support includes:

  • bespoke technical remediation plans agreed with each council in the cohort
  • ensuring councils have effective backups in place – significantly reducing potential disruption in the event of ransomware attack
  • funded cyber security consultancy to support the work outlined in remediation plans
  • regular network scanning to track progress and identify emerging vulnerabilities
  • common guidance, tools and documentation for the benefit of the sector at large
  • regular clinics and events to share learning and build capability

We’re in the process of onboarding our final cohort of councils into the cyber support programme. Please submit a response if your council has not yet done so.
 

Follow our progress

Subscribe to the Local Digital newsletter to receive regular updates on our progress, plus news and events relevant to those working in and around local government cyber security.

We also share regular updates on the DLUHC Digital blog and on Twitter and LinkedIn.

Previous work

May 2020

The team completes a cyber security pre-discovery. Read the key findings from the pre-discovery in this blog post or read the pre-discovery report (PDF).

July 2020

The team completes a more in-depth discovery phase. 

The main findings from the discovery were that:

  • there are many cyber standards, but no clear baseline
  • an effective cyber baseline must encompass culture, leadership and ‘cyber first’ processes
  • leadership support is vital to embed standards and best practices across the organisation
  • leaders need to understand cyber risk to inform their decisions
  • legacy technology is a critical blocker to achieving cyber health
  • there is an opportunity for councils to collaborate in order to achieve greater security

Read the key findings from the discovery phase.

March 2021

The team completes two alpha projects to support local authorities to reduce the incidence and impact of cyber attacks, and support sustainable cyber health:

  1. The Cyber Health project explored the development of a tool and framework to support local authorities to achieve a recommended level of cyber health. Read more about the Cyber Health alpha project.
  2. The Cyber Support project provided expertise and support to identify issues and gaps in local authority cyber security. The team provided guidance, tools and good practice, and helped councils to develop a roadmap for cyber enhancement. Read more about the Cyber Support alpha project.