The Local Government Association
The LGA is the membership body for English councils. We are a politically-led, cross-party organisation that works on behalf of councils to ensure local government has a strong, credible voice with national government. We aim to influence and set the political agenda on the issues that matter to councils so they are able to deliver local solutions to national problems. We also provide practical support, through funded and subsidised programmes, building capacity, developing skills and sharing learning across the sector.
Sarah Pickup is the Deputy Chief Executive of the LGA and leads on cyber security. Sarah previously worked for Hertfordshire County Council as Deputy Chief Executive with responsibility for corporate services and was the Senior Information Responsible Officer (SIRO) as well as the chief finance officer. This and her previous role as Director of Health & Community Services in Hertfordshire has given her insight into the issues and challenges of managing and sharing sensitive and personal information with partner organisations about local residents and businesses.
Councils and Cyber Security
Cyber security is an integral part of the sector’s wider work to digitalise their services making these more accessible across a range of online devices as well as more cost efficient to deliver.
As we put more services online and enable our workforce to access systems and data both in the office and while out and about, we also need to make sure we have appropriate measures in place to protect the personal and sensitive information we capture and store about our residents and businesses. Councils also have a responsibility to protect the personal information and data they store about their staff and elected councillors. They also need to detect and block attempts at cyber-crime, cyber fraud and online scams, as well as protect their infrastructure and systems.
Councils have a range of measures in place including; firewalls and scanning services; training for their workforce and elected members; health checks, penetration test and cyber resilience exercises; compliance regimes and cyber security guidance. They have data sharing protocols, data handling and management guidance, as well as different levels of access in place for different data sets and systems to manage and protect sensitive data.
They also work with IT security partners across the public sector through Warning, Advice and Reporting Points (WARPs) and Local Resilience Forum (LRFs) to protect their systems and put in place incidence response plans. However, as we have seen through recent cyber-attacks including the WannaCry ransomware, those with criminal or hostile intent will continue to try to breach our security to steal the data we hold and/or damage our systems. Therefore, we need to continuously review, refresh and reinforce our approach to cyber security.
The Challenges of Multi-Agency Working and Cyber Security
As councils work to join up their services around the needs of their residents and business customers, they are collaborating more with partners on ‘a place basis’ which means sharing residents’ and business customers’ data across different organisations in order to deliver the right range of services to the right customer.
As a result, we also need to look afresh at our cyber security arrangements to ensure these are fit for multi-agency working. We need to make sure our collective arrangements protect the data rather than focusing on the individual organisations or organisational silos.
Role of the LGA in Supporting Councils on Cyber Security
As the sector representative body for English Councils, the LGA is working closely with government and the sector to;
- Help raise the profile of cyber security at strategic level in councils, to ensure that senior officers and elected members give this the high-level recognition, resources and focus it needs.
- Highlight and promote existing good practice, guidance and tools to help councils put in place the necessary measure to protect their services, staff and communities mitigate the risk of cyber-attacks.