A user intelligence group is set to be formed to scope out the requirements for a cybersecurity operations centre for Scottish local councils.
The Digital Office for Scottish Local Government will work with local government procurement body Scotland Excel on developing a single supplier approach to protect local authorities.
Dave Ritchie, chief information security officer for the Digital Office, shared details of the plans in a recent blog post.
In it, he pointed out that developing 24/7 online monitoring and protection was “beyond the reach of a council” and that using the private sector was the best way to leverage that support.
He wrote: “A SOC is one of the best ways that an organisation can increase their cyber security. Cyberattacks can happen at any time, and cybercriminals often choose times when they know staff will be thin on the ground, with bank holidays being a popular target for this reason.
“A SOC provides 24x7x365 monitoring of council systems and can take actions when certain types of incident are seen or escalate to chosen points of contact. Developing this kind of service in-house, with round-the-clock monitoring and specially trained staff would be beyond the reach of a council, so using the private sector to provide this service is the best way to make vital services available to councils.
“The SOC provider will have a dedicated team of cyber security experts who will monitor, detect, and respond to cyber incidents across the organisation.”
Ritchie noted that the SOC project is important for several reasons, namely:
- It will enhance the organisation’s compliance, by ensuring that the organisation meets the legal and regulatory obligations and standards related to cyber security. The Information Commissioner’s Office (ICO) have reprimanded public sector organisations for failing to have adequate logs and a SOC with standard tools could help meet this requirement. that
- It will improve the organisation’s cyber security posture and resilience, by providing a comprehensive and proactive approach to cyber security, and reducing the impact of cyber incidents.
Furthermore, the SOC project will: - Help reduce downtime and disruption caused by cyber incidents, and improve the performance and availability of the organisation’s network, systems, and applications.
- Help the organisation deliver reliable and secure digital services to its customers, and protect their data and privacy.
- As this framework is open to councils and other public sector organisations, it will foster collaboration and learning from other users of the framework. A community of framework users will be created, so learning and experience can be shared.
Ritchie concluded by saying the SOC project, revealed earlier this year by Futurescot, is a ‘strategic and ambitious initiative that will help transform organisations’ cybersecurity capabilities’.
The news follows a ransomware incident which impacted systems at Western Isles Council last November. The cyberattack led to a police investigation and support from the National Cyber Security Centre. Council leaders had to initiate a series of workarounds as systems were taken offline – impacting services including benefits payments.