The anatomy of local government comprises of a complex network of bodies working, sometimes independently, sometimes in collaboration, to develop their respective geographic areas. While some challenges these bodies face reflect specific local and seasonal characteristics, some require a holistic response from local governments countrywide. This level of coordinated response, naturally, requires communication, and with such diverse and numerous groups of local government throughout the UK this, in itself, presents a challenge. Cyber Security is, of course, one such challenge that cannot be handled alone – its threat is pervasive, and so the response must be ubiquitous. SOLACE, the Society of Local Authority Chief Executives, is an organisation formed to provide coordination and cooperation across local authorities in order to promote excellence in public services. Stephen Baker, Chief Executive at Suffolk Coastal and Waveney District Councils, represents SOLACE on matters of Civil Resilience and Community Safety, placing Cyber Security squarely within his remit. We sat down with Stephen to discuss his work in helping to coordinate the UK’s response to the menacing cyber threat.
Emphasising the importance of local authority Chief Executives in confronting the Cyber threat, Stephen distinguished between two crucial roles an executive should simultaneously perform; leadership and management. Without an effective management structure, organisations struggle for clarity, and without sufficient leadership, organisations similarly struggle for direction. In Stephen’s words, “The cyber challenge is unique, and needs a specific crafted response. It’s absolutely critical that management take a leading role in terms of Cyber Security.” In Suffolk Coastal and Waveney the need for ownership is constantly reinforced, with increasing airtime being given to this at senior management team meetings; it doesn’t have to be an extensive point of discussion, Stephen says, but simply asking basic questions, “We’ve been attacked and have to quarantine X and Y systems and they’re out of use. What is the damage? What must we do? What is the effect, in the short and long term?” This keeps the topic at the forefront of everyone’s mind, which feeds down to those at the sharp end of an organisation.
What else can be done to ensure local governments and other organisations are alert to the threats they face? Stephen’s work at SOLACE revolves around keeping such questions at the forefront of the mind of local Chief Executives, and ensuring that Cyber Security is given the priority it warrants. The sometimes heard expression “leaving it to the IT department” gives Stephen cause for concern but, thankfully, in his experience, this mind-set is being steadily confined to history. With a significant shift in terms of people’s awareness to the threat, potential damage caused and the scale of response required, a more all-encompassing approach is starting to develop. Recognising the difficulty for Chief Executives at times in understanding fully the threat posed by Cybercrime, Stephen’s SOLACE duties focus on “making Cyber a people problem”, not the technological issue it is still perhaps perceived to be.
With developments in technology, the sheer volume of connectivity in our everyday lives continues to spiral upwards, almost exponentially with the advent of technologies like IoT. Emerging technologies open new markets, and solve age old problems, but also present new attack vectors for would-be Cybercriminals. Stephen recalled an ethical hacker he met recently who used wifi connectivity to hack into a kettle which, in turn, allowed access to the wifi network and all the access that provided to other systems. The threat exposure through IoT enabled devices will only increase, a threat that presents a unique challenge to those attempting to solve it, due to its intangible and unpredictable nature. Stephen says, “If I’m told there’s a flood risk, I can identify what is at risk, but if you tell me there’s a Cyber attack, how do we define what’s at risk now?” To counter this threat, Stephen says, Cyber Security needs to remain at the forefront of people’s minds, and the leadership/management balance must ensure this is the case. With organisation executives stepping up to this role, supported by appropriate buy-in from people throughout every level of the business, Stephen’s view is that the Cyber threat can be better understood, managed effectively, and the potential effect mitigated, but leadership is critical to ensuring that happens.”
Stephen joins us at the Cyber Security Summit and Expo as part of our panel talk: “Shared Lessons: Preparing for Ransomware Attacks and Disaster Recovery“, at 12:15pm on Seminar Theatre 1.