Cyber Security is a Tier One National Security risk, alongside pandemic, terrorism and environmental risks. The potential business impacts of a cyber-attack are disruption of services, threat to service users’ (customers’) safety, reputational damage and the demand for post-event/breach resources required to demonstrate compliance. Focussing on the resilience of local public services in the event of a cyber-attack should help us gain discussion time at board-level.
One element of meeting the demands of a growing cyber security threat to public services is to bring our operations, information management, and civil resilience / contingency communities together; firstly, within our organisations and then, because of the increased interdependencies and complex relationships between local organisations, at a regional level, probably through Local Resilience Forums and WARPs.
In discussions at NEICT and ISNorthEast, colleagues have realised that much of the language used by the resilience and information security communities is alien to the other. There is a need to engage, to exchange knowledge and experience and to plan collaborative responses to the growing cyber threat.
We also recognised, based on experience, that our local resilience plans should consider IT outage scenarios other than cyber-attack (power failure, loss of data centre etc.) as the business impact could be similar.
We’ve developed this aid to support early-stage discussions between operations, information management, and civil resilience / contingency colleagues. We’ve tried to keep it simple and focussed on business risk rather than technology. We hope you find it useful.
Chair of NEICT
Chief Information Officer, Northumberland County Council
If you’d like to send comments on the document please do so below or contact us.