Ministers have unveiled a three-year strategic plan for the operation of a Scottish ‘cyber coordination centre’ for the public sector.

The national facility will act as a ‘recognised, authoritative, and collaborative function’ to respond to the growing threat of cybercrime.

Named the ‘SC3 Centre’ – full title Scottish Cyber Coordination Centre – the body will provide threat intelligence to public agencies, including their exposure to risks on the dark web.

That intelligence will then be used to close gaps in organisations’ defences, improving their online resilience to vulnerabilities and future cyberattacks. It will feed into a ‘cyber observatory’, which will be able to monitor threats as they emerge in real-time.

It will also offer a joined-up incident response arm in the event of a cyberattack, with its operating model being influenced in recent years by high-profile ransomware incidents affecting the likes of the Scottish Environment Protection Agency and NHS Dumfries and Galloway.

In a new document published today, the strategic plan revealed: “SC3 will be a focal point for Scotland’s cyber security and resilience, providing services to help protect against and respond to the accelerating and evolving threat of cyber attack while promoting adherence to appropriate standards and best practices across critical functions and infrastructure.”

In practice, the centre will adopt a ‘remote-by-default’ approach for most ‘regular activities’ and it’s unclear from the strategy whether there will be a physical premises for its operations. There were also no indications from the document as to the level of investment needed to deliver the service.

An early warning mechanism, cyber exercising and preparedness will also be key features.

‘The negative, and sometimes catastrophic, consequences of major incidents underline the importance of well-rehearsed exercising for preparedness and resilience in the face of cyber threats, at both an organisational and national level. It is one of the most important tools available and therefore a priority focus for SC3,’ the document said.

Although the centre will be principally directed, in a policy sense, by the Scottish Government’s Cyber Resilience Unit (CRU), ‘core partners’ will be on hand to provide ‘input, advice, and challenge’.

Those partners are: Police Scotland, NHS National Services Scotland, HEFESTIS (a shared services organisation providing Scottish universities and colleges a tailored information security service), Local Government Digital Office and the National Cyber Security Centre.

The document states: “As Scotland embraces and benefits from digital transformation, it also faces a serious and evolving cyber threat and risk landscape as a result.

“Following on from several significant cyber attacks on Scottish Public Sector organisations, Ministers announced that as a matter of urgency they were bringing forward proposals for the establishment of a recognised, authoritative, and collaborative function to combat the accelerating cyber threat. The Scottish Cyber Coordination Centre (SC3) was established to meet this requirement and address key cyber resilience challenges facing Scotland.”

Those challenges were identified as:

  • Disjointed community: siloed organisations and security teams with lack of shared service solutions or common collaborative efforts.
  • Varying levels of cyber security maturity (and criticality).
  • Insufficient specialist skills and resources.
  • Lack of consistent C-suite ownership and understanding of cyber risk.
  • Reliance on legacy technology.
  • Lack of senior awareness and visibility of supply chain vulnerabilities and risks.
  • Escalating threat and risk environment as digital adoption increases.

The benefits of deploying the SC3 were listed as:

  • A unified, coordinated approach to cyber resilience.
  • The provision of specialist services and targeted support to organisations.
  • A capability offering to raise the bar on cyber maturity nationally.
  • An opportunity for continuous data-driven insights and improved understanding
    of the cyber maturity and resilience landscape.
  • An opportunity to realise economies of scale and efficiencies for reputable
    centralised services such as threat intelligence and vulnerability management