The Cyber Support team’s technical remediation and support activities

During the cyber security discovery last year, we identified five areas of opportunity for MHCLG to support councils in improving their cyber health. One of these areas was technical remediation: providing support to councils identified through the survey on mitigating malware and ransomware.

In November, a Cyber Support team was formed within the Local Digital Collaboration Unit to work with councils to reduce their cyber risk. The team is providing immediate support and guidance in order to increase councils' resilience against malware and ransomware attacks.

The Cyber Support team’s work is running alongside the Cyber Health project, which is looking to provide clarity on what good organisational cyber health looks like.

What we’ve done so far

The team began by reviewing the results of the Mitigating Malware and Ransomware survey that was sent to councils in February of last year, and was completed by 237 councils. We encourage any councils who have yet to do so to complete the online survey.

We identified 7 key areas that will provide the highest impact in reducing the threat from ransomware attacks:

- Backups - analysing the council’s backup service configuration, including existing backup architecture, controls, isolation, offline/recovery and validation of recovery.
- Use of Multi Factor authentication (MFA) relating to Cloud / Software as a Service (SaaS) administration and access mechanism protection.
- IT health check - ensuring Principal Security Concerns and resulting activity is reflective of the current threat landscape.
- NCSC ACD - onboarding and utilisation of the National Cyber Security Centre (NCSC) Active Cyber Defence (ACD) services.
- Operating Systems - identifying legacy unsupported operating systems, vulnerability visibility within IT estate, containment options and hardening.
- Active Directory - privileged user account assessment and active directory architecture.
- Logging - logging capability, coverage, compromise indicators and enhancement opportunities.

Each of the seven focus areas is broken down into multiple topics for targeted analysis and review. For example, Logging consists of the following topics:

- Centralised Logging
- Captured data
- Retention periods
- Alerting and triage

Each topic is being reviewed as part of one or more collaborative workshops with the council to identify what capability is currently in place, potential cyber enhancements, and support requirements.

Our findings so far

We were pleased to find that councils have continued to make improvements following the collaborative cyber workshops. Following delivery of the MHCLG Cyber Report and Cyber Treatment Plan across all councils, there is a recognition of the importance of cyber security and a commitment to improving cyber health.

We have started analysing the information gathered as part of the workshops and ongoing cyber support sessions. Some initial findings are highlighted below and we will publish further updates as we continue to work through the data:

- Although all councils performed an IT Health Check in 2020 with comprehensive corrective action plans in place, we identified that all councils required cyber enhancement across the focus areas assessed. This highlights the need for continuous development of IT Health Check scopes to ensure they maintain pace with emerging cyber threats.
- Logging is a common area that requires attention. While logging is in place for the majority, a centralised strategic logging solution with automated event analysis is typically not in place. Without this capability, council IT teams expend a large amount of effort triaging log events.
- Uptake of NCSC Active Cyber Defence services is very high across all councils, with 100% take-up of WebCheck, Exercise in a Box (EiaB) and Early Warning, and MailCheck take-up at just under 90%.

What happens next

We’re working with the selected councils to agree a roadmap for improving their cyber health. This will increase councils’ resilience against ransomware attacks and help cyber professionals within local authorities to communicate with senior leaders about issues.

We will also be providing those councils with support to fix any issues, as well as continuing to analyse and identify commonalities from our workshops and support sessions. This will assist us in developing reusable tools and actionable targeted guidance, all of which we will make more widely available.

Have your say

We welcome further collaboration and input from those working in and around local government cyber security, so please contact us if you have any strong evidence to support our research.

We also welcome feedback on our cyber support service. By completing this short survey, you will be helping us to shape future workshops and the support we provide to other councils.

If you have not done so already, please complete the Mitigating Malware and Ransomware survey to help us understand the mitigations your council has in place to reduce the risk and impact of malware and ransomware attacks.

Follow our progress

We are working in the open and holding regular show and tells to share our findings and knowledge, as well as progress updates and ongoing activities. If you are working in a national or local government agency and would like to join us, the next one is taking place on 26 March, 11:30am - 12:00pm.

There are a number of other ways you can stay in touch with our work:

- Subscribe to our Cyber newsletter for progress updates and news relevant to those working in and around local government cyber security
- Read our fortnightly Cyber Sprint Notes
- Follow LDCU on Twitter (@LDgovUK)

(Originally posted by Local Digital Collaboration Unit)