An action plan to help the public sector defend itself against cyber-attacks, including preventative guidelines for all organisations, is being accelerated following a meeting of the National Cyber Resilience Leaders’ Board (NCRLB), chaired by Justice Secretary Michael Matheson.
Matheson discussed the impact of the global cyber attack on Scotland, the multi-agency response and the steps that can be taken to boost cyber resilience across all sectors. He also committed to take forward the public sector action plan, which includes:
- Developing a set of guidelines and standards for all Scottish public sector bodies to achieve by 2018;
- Support for all 121 public sector organisations to achieve accreditation to the Cyber Essentials standard as a minimum requirement;
- Production of a public awareness strategy for public sector organisations.
“What is evident from this week’s events is that this was a global attack on an unprecedented scale and, whilst we are now seeing systems returning to normal, we cannot be complacent,” said Matheson. “Today I chaired a meeting of the National Cyber Resilience Leaders’ Board which discussed what lessons we can learn from this incident and how we can take forward the publication of an action plan to ensure we are as prepared as possible for future incidents.
“We need to be clear that combatting threats of this nature isn’t something government can achieve alone. Cyber security is everyone’s business and we need to ensure that all organisations have appropriate safeguards in place. I would like to thank all NHS staff who have been working hard to make sure the impact of this attack has been effectively managed.”
Hugh Aitken, chief executive of CBI Scotland and chair of the NCRLB, added: “The Scottish Government had the vision to put this Board in place to design and execute a protection plan for Scotland, covering both public and private sector. We aim to have our proposals on taking forward this action plan in front of Ministers for their approval by June.”