Agenda item

Cyber Security Update


Ms S Hydon (Head of ICT Service Management) and Mr S Marshall (ICT Technical Security Lead) will make a presentation updating the Committee on Cyber Security issues.

Minutes:

Ms S Hydon (Head of ICT Service Management) and Mr S Marshall (ICT Technical Security Lead) made a presentation updating the Committee on Cyber Security.


Ms Hydon reminded the Committee that following a previous presentation to the Committee prior to Christmas she had been requested to update Members on the current position with regard to Cyber Security.  This presentation, therefore, outlined the controls currently in place and those proposed to combat such threats together with the investment opportunities being adopted and strategies being implemented to improve the Authority’s Cyber Security arrangements in the future.


Mr Marshall then reported on the following:


· An LGA Cyber Security Stocktake had been undertaken in 2018. This was an independent review and provided feedback under five headings of Leadership, Governance, Partnerships, Technology and Training. The Authority had received an amber rating for, amongst other things, its security measures and the maturity of those measures that were in place.

· Based on the outcome of that feedback, 4 bids had been submitted for Government funding to support cyber security improvements, developments and solutions, including training, and details of these bids were outlined.

· Specific training was being prepared for Elected Members, as in the past they had been using slightly remodelled training from that delivered to staff.

· The Committee was then shown a video which showed how an effective ransomware attack came together and why councils and businesses required effective security controls.

· Reference was made to recent social engineering effects, and examples were given of the ways in which this could impact on the Council, with particular reference to:

  o The recent USA Elections

  o The potential smearing and reputational damage to the Council

  o The impact of the loss of personal and sensitive data

  o The loss of services/productivity

  o Potential implications for ransom/blackmail

  o Dynamic progression of the threat

· A summary of the ‘attempts’ and ‘attacks’ the Council had received between 1st January and 31st December 2018 was provided. This worryingly indicated that the number of attacks was on the increase. It was also pointed out that the Authority currently rejected more emails than it actually received.

· A quick reference guide for Information Security Incident reporting was provided. An Information Security Incident was one which involved the actual or potential failure to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulations and/or the common law duty of confidentiality.

· The Council had currently undertaken work in the following areas:

  o There had been an investment in self-learning software

  o Vulnerability scanning was undertaken in order to find and close loopholes

  o Training, awareness and testing was continuing

  o Partnership working was undertaken both internally within the Council and with external partners and neighbouring Councils

  o The Service was working with National Government cyber security programmes from the National Cyber Security Centre and the Ministry of Housing, Communities and Local Government

· The Committee was then given an example of the action taken in response to an actual phishing email received by a member of staff. This included, amongst other things:

  o Blocking web links to protect staff and other users

  o Contacting the companies involved

  o Getting content removed

  o Using education to advise how the phishing email could have been spotted

  o Reviewing processes and training to try to prevent or stop this in future


In the ensuing discussion, the following matters were highlighted:


· It was noted that phishing emails came from a variety of sources and countries. Appropriate action was taken as soon as an ‘attack’ was identified.

· Reference was made to the way in which accounts were deleted following a member of staff leaving. Arising out of this, reference was made to the ‘auto population’ of an email address in email clients such as ‘Outlook’, which may give an indication that an account was still ‘live’ when in fact it was not. If examples were provided of email addresses/accounts being active when they should have been deleted, this would be investigated by the IT Service Desk as a matter of urgency and action taken to remedy the situation.

· Ms Hydon stressed that once a member of staff left the Authority, or a Councillor ceased to be a Member of the Authority, accounts were immediately suspended. This information came via individual services or, as a backstop, via SAP employee leavers records.


RESOLVED that Ms Hydon and Mr Marshall be thanked for a most informative presentation.

Supporting documents: