Scottish local government appoints chief information security officer 

A Chief Information Security Officer (CISO) has been appointed to the Scottish Digital Office for Local Government to support local authorities in Scotland against the increasing risk of sophisticated cyber-attacks.

Andy Grayland is a former information systems security professional at the Ministry of Defence. His role will involve providing leadership to help local authorities deliver against the goals of the Cyber Resilience Strategy for Scotland, the National Cyber Security Strategy and the recently announced Scottish Government Action Plan on Cyber Resilience.

Grayland will also work with chief executive officers and council management teams to ensure cyber security threats and vulnerabilities are proactively managed at the highest levels of the organisations.

A statement said he will support IT managers, information security officers and data protection officers to review cyber security controls and develop collaborative actions plans for harmonising and continuously improving how security threats are managed across the sector.

Lorraine McMillan, chief executive of East Renfrewshire Council and chair of the Scottish Local Government Digital Transformation Board, said: “Cyber-attacks are becoming increasingly sophisticated and it is crucial that local authorities do all they can to guard against these attacks. By working collaboratively, we can ensure that Councils can minimise the chance of a successful attack.”

Martyn Wallace, Chief Digital Officer for Scotland, added: “In the current climate of evermore sophisticated cyber-attacks that private and public sector experience day-to-day, Andy and his experience is a great asset for the Digital Partnership to accelerate and enhance our cyber credentials.”

Cyber security is a key programme within the Digital Foundations workstream for the Digital Office. Alongside a programme that is dedicated to the introduction of the General Data Protection Regulation (GDPR), the programme aims to “continuously improve current cyber security defences and provide a robust platform for enabling sector-wide digital transformation”.

Andy Grayland commented: “Threats from cyberspace are all-pervading and as more and more high-profile breaches are discovered, public perception of organisations who fail to protect their valuable data will be negatively impacted. Scotland has a long history of innovation and being at the leading edge of new technologies on a global stage. I return to Scotland, and this new role, with the goal of ensuring that we can continue this trend.

“The Scottish Government’s mission to create a ‘Safe, Secure and Prosperous’ digital nation must be laid upon the solid foundations of cyber security. Scottish local authorities have already begun to lead by example, demonstrating a wealth of talent and experience across the board. Together, we will show that we are stronger standing shoulder to shoulder against a common threat than as individuals tackling the same issues.

“For those organisations that have not yet begun this journey towards securing their digital frontiers, I offer these words of advice: the first step towards cyber security is the easiest step you will take and yet it is the one that pays the highest dividends. Do the simple stuff right and you will protect your organisation from the vast majority of potential attacks.”