Cyber strength in partnership
Stephen Baker, chief executive, Suffolk Coastal and Waveney District Councils
Is there any one who doesn’t work ‘in partnership’ these days? The increasing breadth of service delivery, the reduction in resources and capacity, and the need to access a wider range of skills more effectively has prompted the vast majority of us to work in partnership in many forms.
This has many benefits, but also generates a new series of demands. New relationships have to be created and shaped between the partners.
Revised roles and responsibilities must be understood so that all those involved understand who is responsible for what. Also we must be aware of any new risks that may develop from working in partnership.
To achieve effective cyber resilience everyone must play their part, and for everyone to play their part roles and responsibilities must be understood. By working in partnership we can certainly strengthen our resilience, sharing challenges and skills, and recognising the need to collectively resist the shared enemy of a cyber attack.
Shared understanding and awareness of the risk
It is essential that all those in a partnership have a shared understanding of the risk faced from a cyber threat. If this is disjointed or inconsistent then the partnership is weakened. That shared understanding will be underpinned by effective communications and solid commitment from all partners to recognising the importance of cyber resilience.
Access to tools to maintain resilience
Partners need consistent and relevant reference points to ensure that they are working to the same standards and information. A shared information assurance policy, and access to and use of data handling guidance underpins the partnership and ensures that all have a shared responsibility for how data is handled and managed.
Duty of cyber care
We are familiar with the term ‘duty of care’. Between partners we need to establish a ‘duty of cyber care’. This will recognise the responsibility that each partner has for the other, and emphasises within the partnership an understanding of the impact that a weakness in their systems will have on their partners.
Maintain skills and training
An inconsistency in the level of skills and training between partners will create an imbalance in the understanding of and awareness of the potential of a cyber threat. This in turn will lead to an adverse impact on the level of cyber resilience within the partnership.
This can be avoided by sharing training and skills development, recognising that it is a mutually held objective that all partners wish to avoid an attack, or at least be able to resist one should it happen.
Supportive leadership and culture
The effectiveness of any training, or of sharing information, will be diminished if there is a lack of leadership, or if the culture of the partnership, or individual partners, is such that the cyber resilience is not recognised as a priority. It is essential that the leadership is present within the partnership, that it values the time taken to prepare for and maintain cyber resilience, and that culturally there is an expectation that everyone has a role to play.
The need to work in partnership within organisations, and beyond organisational boundaries, will never go away, and sadly neither will the threat posed by those who wish to cause damage to organisations through a cyber attack.
Maintaining cyber resilience is a challenge for partnerships, but also a means of strengthening the way that partnerships work together.
This article was first published in Local Leadership in a Cyber Society: Being Resilient by the DCLG led National Cyber Security Programme - Local and iNetwork. Read the other featured articles.