Local government must be part of national cyber-security 'ecosystem'
A provider of IT infrastructure has called for central government to include local government more in mapping out national cyber-security policies.
A public sector IT consultancy, Socitm, has called for greater integration in the realm of cyber-security between local and central government, prompted by a recent attack on a local authority.
Lincolnshire County Council was hacked last week when an employee opened a phishing email loaded with ransomware. Parts of the council's computer system, including library services, were shut down for nearly a week in which employees had to use pen and paper to do their jobs. Everything was back up and running earlier this week.
While the attack only infected a few files, which the security team were quickly able to isolate, the downtime was long and day-to-day operations were impeded.
Socitm has pointed out that 70 percent of citizen interactions with government are at local government level, so it is calling for those elements of public infrastructure to be included within the government's national strategy.
Both the Department for Communities and Local Government (DCLG) and Socitm are already working on a best practice scheme for local government, but Socitm wants to see more than that. It has proposed that local government should play a part in the governance of the National Cyber-Security Centre, helping the Centre to not only craft policies but also understand the day to day workings of local government.
This should be a ‘symbiotic relationship' according to Socitm, expressing its desire to spread into other areas of local governance that local government does not necessarily govern like the Department for Work and Pensions.
While there are already solutions around these recommendations, this effort must be continued, Martin Ferguson, Socitm's director of policy and research told trade press: "Thankfully Lincolnshire's experience is the exception rather than the norm. However, the ongoing threat from existing and new forms of malware and other forms of cyber-attack means that addressing these threats needs sustained focus."
The DCLG did not respond to requests for comment in time for publication.