Words: Elizabeth Giugno, Head of Category – Cyber Security, Crown Commercial Service (CCS)
In recent years the blue light sector has become under increasing pressure to deliver effective and efficient services that guarantee public safety. But while many new technologies can enhance the way the sector operates, they can often introduce new vulnerabilities, such as cyber security issues.
The emergency services sector is subject to a tremendous number of cyber security threats and hazards, which has increased significantly since the start of the pandemic. This is due to increasing digitalisation, remote working and the significant value that this type of data – such as health and criminal records as well as domestic intelligence – holds on the dark web, making the sector an ideal target for opportunistic cyber criminals. Unfortunately, there are countless opportunities for the wrong people to steal information and disrupt the delivery of essential services.
The National Cyber Security Centre (NCSC) is the UK’s technical authority for cyber security incidents. The NCSC’s fourth annual review, in November 2020, revealed that 723 incidents had been handled between 1 September 2019 and 31 August 2020, an increase from the average of 602 incidents annually in the previous three years. These attacks are predominantly ransomware attacks where cyber criminals use malicious software to block access to computer systems and threaten to release the organisation’s sensitive data, unless the ransom is paid.
A cyber attack is hugely detrimental as it can cause loss of data and reputational damage, as well as the cost of recovery to the organisation and emotional toll on the workforce. Supply chains are also now being targeted by hostile states and cyber criminals, which makes it increasingly difficult for organisations to mitigate and manage risk.
For the blue light sector, cyber security isn’t only a challenge – it’s an obstacle to digital transformation. The stakes are sky-high: hacking this type of data and information might imperil national safety as well as citizens’ trust.
These types of attacks are calculated. They’re resourceful. Criminals that target the data, networks and systems are often looking to steal specific information.
Five steps to building resilience to cyber attacks and reducing disruption
Building cyber resilience is about strengthening cyber security to increase confidence and ensure that in the event of an attack, not only can organisations continue to operate, but that they will recover quickly. Resilience means continuous, uninterrupted access to data while remaining secure and protected.
As threats continue to increase in frequency and sophistication, so must our preventative measures, which should include:
1. Understanding critical assets
The first step to building resilience is having a strong understanding of the organisation’s critical assets. These are resources that are fundamental to maintaining operations and achieving the organisation’s mission. Ask yourself: if an attack happened today, what impact would it have, and what are your critical assets?
Critical assets are often the data the organisation holds, so you also need to know how this will be protected from an attack. Managing back-ups are an essential part of this process – rapid recovery is dependent on how regularly these back-ups are carried out.
2. Developing an incident response plan
A thorough and detailed incident response plan is crucial to resilience as this will ensure that your organisation can recover quickly from any attack.
An incident response plan collects together the coordinating functions, which guide, inform and support the whole response process. It encompasses a number of aspects, including triaging and categorising of an incident through to escalation procedures and core response.
3. Educating employees and creating a strong cyber security culture
Phishing e-mails, which dupe staff into opening them and exposing the organisation to phishing attacks, have become more frequent and sophisticated during the pandemic. This shows the importance of creating a strong cyber security culture. It is essential that employees understand cyber threats, the potential risk, and their role in mitigating incidents. Educating your employees, increasing awareness and providing strong governance and training can all assist in building cyber resilience.
4. Keeping up to date with emerging cyber threats
New advanced threats are being discovered daily. Resilience is also the detection of threats and increasing both your understanding of the threat landscape and threat intelligence. Taking a proactive approach to cyber security is essential in ensuring that organisations are aware of threats to allow for methods to be adjusted before they affect services.
As threats continue to increase in frequency and sophistication, so must our knowledge and preventative measures.
5. Developing a Business Continuity Disaster Recovery plan
All organisations should have sufficient Business Continuity Disaster Recovery (BCDR) methods in place to make sure that you can resume normal operations in the event of an attack. It should include a complete approach to keeping your team productive during planned or unplanned disruptions, such as a cyber attack.
The BCDR plan builds resilience by reducing the risk of data loss and enhancing operations, detailing emergency contacts and key staff.
Steps to strengthening cyber defences through the procurement process
With cyber criminals targeting supply chains and recent attacks such as Solar Winds, procurement can be an increasing concern for the public sector. Criminals often target the weakest link within supply chains. It is imperative therefore that the procurement process mitigates these risks.
CCS worked in partnership with the NCSC to develop the Cyber Security Services 3 dynamic purchasing system (DPS). It provides a central route to buy NCSC assured services to help you manage and improve your security function.
The DPS allows you to filter for NCSC assured services, choosing the services and supplier accreditations you need. You can also access suppliers who are not NCSC assured and hold alternative cyber security credentials.
NCSC assured suppliers are recommended for organisations forming part of the UK’s critical national infrastructure, the reason being that by using services offered by NCSC assured suppliers, you can be confident that they meet the National Technical Authority’s standard for high quality.
The NCSC offers assurance for a range of services, including consultancy, incident response and penetration testing.
The advantages to using NCSC assured suppliers in managing supply chain risk are that they will have: met the NCSC’s standards and can be trusted to act in NCSC’s name; a proven track record in delivering high quality consultancy services; a defined process for working with customers to understand their needs and tailor advice accordingly; demonstrated a clear understanding of current and potential cyber threats and techniques and potential effective mitigations; been independently and rigorously assessed; shown that they act with integrity, objectivity and proportionality; protect the customer’s confidentiality and integrity and comply with relevant laws and regulations; and a commitment to continuously improve the services offered to meet the evolving needs of customers.
One of the biggest supply chain challenges can be a supplier’s understanding or competence when it comes to cyber security. Accreditation is increasingly important for the public sector in strengthening cyber defences within the procurement process. Buying through a framework such as the Cyber Security Services 3 (CSS3) DPS, ensures that your suppliers have had vetting checks, such as Cyber Essentials.
Cyber Essentials is a government-backed scheme that allows organisations to carry out a cyber self-assessment, and provides an understanding of the organisation’s security levels. This will mean that your supplier has taken steps to safeguard their business against cyber threats and will assist in strengthening cyber defences within your supply chain.
How do you assess the suppliers within your current supply chain?
Supply chain analysis is a service that can assist in identifying and analysing cyber risks already within your supply chain. A supplier will carry out an assessment and then build assurance activities into your supply chain management. Supply chain analysis can be procured through the Cyber Security Services 3 DPS.
Find out more
The Cyber Security Services 3 dynamic purchasing system (DPS) is the only route to market for NCSC-assured services, covering a wide range of cyber services. All suppliers have Cyber Essentials as a minimum and other accreditations can be selected using the filtering options.