The LGA has published its cyber security newsletter for January, which includes information on their upcoming Local Government Cyber Security Tools Workshops.
Don’t forget, you can sign up to the SEE Newsletter here.
KEY ISSUES:
1. LGA new round of funding. Grant letters have now gone out offering over £500k of funding to 125 councils. The timeline is tight, so if you are one of the respective councils, please reply by 12 Feb 2020.
2. Huawei set for limited role in UK 5G networks. The UK has decided to allow the Chinese tech giant to be part of its 5G network – but with restrictions. NCSC have released an in-depth blog post ‘Security, complexity and Huawei; protecting the UK’s telecoms networks’ on the issue. For more information, click here.
3. Scottish Cyber Assessment Service. Scotland Cyber Assessment Service are piloting a useful tool to help public sector organisations improve the cyber security of the supply chain. For more information, click here.
IN OTHER NEWS:
4. Minister for Digital speech at SINET Global Cybersecurity Innovation Summit. To read the speech, click here.
5. Critical Vulnerabilities in Microsoft Windows Operating Systems. Click here and here for more information.
6. DCMS survey on the impact of GDPR on Cyber Security. The Department of Culture, Media and Sport has commissioned research to assess the impact that the introduction of GDPR has had on incentivising organisations across the UK to improve their cyber security outcomes. For more information about the survey, click here.
7. Cisco Releases Security Updates to address vulnerabilities affecting multiple products, for updates see the Cisco Security Advisories page.
8. NHS Digital aims to tighten security of NHSmail. To read the full article, click here.
9. Six Steps for Building a Robust Incident Response Function. For more information, click here.
NCSC RELATED:
10. NCSC’s new cyber security training for staff now available. NCSC has produced a new e-learning package: ‘Stay Safe Online: Top Tips for Staff’. It’s free, easy-to-use and takes less than 30 minutes to complete.
11. NCSC explores potential security opportunities that can come with using the GDS cloud lock-in guidance. To read the full article, click here.
12. NCSC and KPMG launch annual Diversity and Inclusion Survey to help build a better understanding of the diversity profile across the UK Cyber Security industry. To complete the survey click here (it should only take 10 minutes). LGA Cyber Security Programme Newsletter January 2020 2 Making best practice, common practice
13. NCSC request a single point of contact. The NCSC have requested that all councils set up a single point of contact to enable the efficient notification of incidents, vulnerabilities and alerts. They suggest cybersecurity@localauthority.gov.uk. They have also asked local authorities to create a new CiSP group and send the CiSP private group name, an out of office contact number and the single email address to nik.w@ncsc.gov.uk. For more information please speak to your WARP lead or email Nik.
14. NCSC DMARC monitoring. One of NCSC’s free tools, Mail Check, makes it harder for attackers to spoof council emails. 91% of councils now have the basic DMARC monitoring policy on at least one of their domains. 66% have an enforcing DMARC policy of quarantine. We encourage councils to use these tools. For more information please contact mailcheck@digital.ncsc.gov.uk or craig.h@ncsc.gov.uk.
15. NCSC network reporting service. The NCSC is offering a free network abuse management reporting service (CNR), to local authorities to help them secure and protect their corporate IT infrastructure. The service notifies the registered organisations of indicators of malicious activity, and compromise, as well as identifying known vulnerable network services. To find out more, please email cnr@ncsc.gov.uk.
16. NCSC’s Protective Domain Name Service (PDNS) has recently enhanced its customer portal. PDNS, which is used by 65% of UK Local Authorities, now has a threats and blocks section giving users a view of all recent instances of DNS based malware on their network. Threats are ordered by severity and broken down by IP address to help users pinpoint which part of their network has infections. For more information visit their PDNS webpage or contact paul.b1@ncsc.gov.uk.
17. Ciaran Martin to leave after ‘privilege of a lifetime’ setting up NCSC. To read this article, click here.
18. NCSC weekly threat reports. Click here to view.
FORTHCOMING EVENTS:
19. Local Government Cyber Security Tools Workshop. The LGA, with the support of NCSC and the Local Government Cyber Technical Advisory Group (C-TAG), is holding two workshops for Local Authority IT and Cyber Security managers/leaders. The purpose of these workshops is to help us improve our collective understanding of what systems and tools Local Authorities are using and need to maintain and improve their cyber security. If you would like to join us for these events, or for further details, please follow the sign-up links below:
• London – Wednesday 12 February 2020
• Leeds – Thursday 5 March 2020
The London event is currently at capacity, but if you would like to be put on the waiting list, or notified if we increase capacity please email catherine.owen@local.gov.uk.
20. There are still places available on MHCLG’s Pathfinder 6. To find details of upcoming events click here, and for any other enquiries please email cyber-resilience@communities.gov.uk
CONTACT DETAILS:
Programme Manager: owen.pritchard@local.gov.uk
Programme Adviser: jamie.cross@local.gov.uk
Programme Support Officer: catherine.owen@local.gov.uk