UK Ministry of Housing, Communities and Local Government (MHCLG) 
MHCLG’s Defend as One (DaO) programme is supporting councils to address shared cyber threats through collaboration and knowledge sharing. We want to take a unified and proactive approach to cyber security by sharing data, expertise and capabilities across government and the wider sector.
The Government Cyber Security Strategy (2022 to 2030)
“While developing a strong foundation of organisational cyber security is critical, the scale and pace of the threat demands a more comprehensive and joined up response. Government will therefore ‘defend as one’; harnessing the value of sharing cyber security data, expertise and capabilities across government to present a defensive force disproportionately more powerful than the sum of its parts.”
Programme aims
Based on one of the key pillars of the Government Cyber Security Strategy, Defend as One aims to:
- reduce the impact of cyber incidents by coordinating the cross-government response, improving how councils respond, and minimising the impact of repeated or scaled attacks
- facilitate knowledge sharing including cyber intelligence, best practices, and tools across councils and the wider public sector
Sharing cyber intelligence
We are looking at how we can to share critical cyber threat and vulnerability intelligence with councils. Our main method is through GovNotify alerts.
GovNotify alerts highlight critical cyber threats, vulnerabilities and government-recommended best practice. We are looking for feedback on each alert to help us to improve our communication to make sure what you receive is relevant and actionable.
Sign up to register your interest.
Resources
Our cyber resilience resource will help you strengthen your council’s cyber posture.
The resource brings the information together in one place.
The services listed are provided for information only. Councils should review the service before signing up to it and remain responsible for assessing whether a service is appropriate for their needs.
This page lists services that are:
- free to use
- available to UK councils
Responding to cyber incidents
To help councils respond quickly and effectively to severe cyber incidents, MHCLG has made a Cyber Incident Response (CIR) service available.
The service gives eligible councils access to a National Cyber Security Centre (NCSC) assured provider for containment and eradication support following a significant cyber incident.
In the event of a cyber incident, you should report it to the NCSC through their reporting portal. You should also report incidents, where appropriate, to:
- the Information Commissioner’s Office (ICO)
- the National Crime Agency (NCA) or call 0300 123 2040
- your regional Warning Advice and Reporting Point (WARP) to support wider threat intelligence sharing within the sector
NCSC will share reports promptly with MHCLG, who will monitor the reports on a 24/7 basis so we can assess whether the incident meets the threshold for activating the CIR service.
Further details, including eligibility, activation criteria, and reporting, are available in our CIR service guidance for councils.
Stay updated and get involved
Sign up to the newsletter to receive updates on the Defend as One programme, including upcoming pilots, as we often invite participation through expressions of interest.
If you have any questions or would like to get involved in a future pilot, you can contact us at [email protected].