Enabling cyber incident collaboration in UK local government through fast-time communication
Abstract
This paper brings together concepts and ideas to support organisations in implementing cyber incident response and coordination, especially focusing on the need for fast-time communications. Normal business operations are slow-time communication, with the shift to fast-time communication occurring during an operational incident. A good example of fast-time communication is instant messaging as opposed to slow-time e-mail. We are proposing a number of strands to formulate an approach. We realised the standard Playstation 3 theme (P3T) approach applies to fast-time communications and can be augmented to provide a novel application of the P3T. We propose to add governance to ensure that the scope, application and use are appropriate, within the scope of a threat profile. We also propose to make use of the consequence, relevance, acceleration, severity and harm (CRASH) gate framework, which facilitates the definition of trigger points for escalation in cyber incident response planning and response. We will present some use cases and explain how to integrate them into existing operating processes and procedures. The temporal activities matrix is discussed, which explains the different slow-time/fast-time activities in a cyber response team/security operations centre (SOC). This paper comes at the end of a three-year work programme for local government in England led by MHCLG, which focused on cyber resilience from the ICT side and started to build an approach and capacity within the Local Resilience Forums (LRFs). The work delivered a wide range of workshops and cyber exercises for the English LRFs. There was also a similar programme run by the Welsh Government for the wider public sector in Wales. Finally, we explore future research considering an additional application around smart cities, incorporating zero trust architecture.
The full article is available to subscribers to the journal.
Author's Biography
Mark Brett is a chartered manager and chartered IT professional. He is a CCP Lead SIRA, having an outstanding track record as a senior manager and consultant in local and central government. He is actively engaged in the Local Government Cyber Resilience Programme with MHCLG. Mark worked for three years with the PSN Programme in GDS as Lead IA Adviser and PSN SOC/Security Manager. As lead security analyst in MOJ Digital, he developed an agile approach to information risk management and assurance, which he has implemented in MHCLG. Mark was CIO of London Connects. As a deputy director in the London Resilience Team, he designed and implemented a Pan-London Emergency Management Extranet and was instrumental in setting up the WARP programme for CPNI. While information assurance adviser to the Local Government Association, he was the author of the Local Public Services Data Handling guidelines. He continues to lead the Local Government IA work as a special adviser to the Local CIO Council and through the Local Government Cyber Security Stakeholder Group and the Local Government PSN Board. He is currently cyber technical adviser to MHCLG, working on the National Cyber Security Programme – Local. Mark’s work in the cyber and resilience world involves developing cyber resilience exercises and response capability training, which is being used within local resilience forums (LRFs) in England, and leading the Cyber Resilience Programme in Wales for the Welsh Government, working with the four Welsh LRFs. He has recently authored the emergency management exercise that is being run across the English LRFs. Mark is a Fellow of the Institute of Civil Protection and Emergency Management and a member of the Emergency Planning Society. He is an honorary visiting fellow in cyber security at De Montfort University and lectures at Warwick and London Metropolitan universities. He completed a doctoral training programme at De Montfort University.