Defend as One

We recently completed an initial six-month pilot with 10 councils to assess the costs, benefits, and challenges of providing Security Operations Centre (SOC) provision to local government. We are now evaluating the results and exploring other potential interventions to support the sector and inform our long-term approach to improving incident detection. Updates and findings will be shared through our regular engagement and newsletters.

We are planning to launch a Cyber Incident Response (CIR) service for local government. This service will provide eligible councils with access to an NCSC Enhanced Level CIR provider to support the containment and eradication of cyber incidents.

We want to help councils respond to and recover from cyber incidents as quickly as possible, reducing disruption and protecting essential public services.

Further guidance on eligibility and how to access this service will be shared soon.

We’re exploring how best to share cyber threat and vulnerability information with councils through two pilots:

Cyber Alert Service (CAS) - an initial 3-month pilot launched in March 2025 to deliver critical information about emerging threats and vulnerabilities. The evidence collected and feedback from participants will help us deliver our long-term approach to future intelligence sharing with the sector

Vulnerability Reporting Service (VRS) - a pilot launched in February 2025, in partnership with the Government Cyber Coordination Centre (GC3), we’re testing how councils can receive real-time alerts about specific vulnerabilities at their council, communicate directly with the security researchers, and improve visibility and response time across services

We have begun onboarding councils onto the VRS platform from July 2025. If you would like to be involved, please get in touch via [email protected].

We are also continuing to share urgent threat alerts with the sector via GOV.UK Notify and pass-on intelligence received from central government partners.