Agenda item

To receive an update from SWAP on cyber security.

Darren Roberts (SWAPs Assistant Director ICT, Digital and Cyber), gave a presentation on cyber security. The presentation slides are appended to these minutes. The essence of the presentation highlighted that cyber security was incredibly important, there would always be risk and it was highly likely that there would be a breach at some point, usually as a result of the human factor, therefore it was everyone’s responsibility to take action to prevent breaches. The Chairman thanked Mr Roberts for his presentation.

The Chairman invited Ian Robinson (Director of Digital, Data and Technology) to give a presentation and asked for assurance for the Committee in regards to Cyber Security at Wiltshire Council and to what extent the concerns highlighted by Mr Roberts could be addressed.

The Officer stated that he wanted to give a sense of progression being made. He started in 2019 and started in depth reviews due to some concerns. Shortly after there was a data centre power failure which caused issues, turning some of the concerns to reality.

The review became a formal programme and a lot of the work undertaken was fed from the audit where 2 critical items were highlighted and a further 12 recommendations were made. As a result, Wiltshire Council back up facilities were completely refreshed. The primary data centre was now wholly reflected in a secondary data centre. There was also an “air gapped” back-up solution. So, if data was compromised and destroyed it could be replaced by the “air gapped” back up which was held completely separately. Some further trialling and real world testing of disaster recovery was required but had been delayed due to the pandemic.

A redesign of the boundary defences, such as firewalls had been implemented. Many apps and data were also now held in the cloud. The ICT structure would be reorganised and bolstered with training, this process had been prioritised. In summary good progress was being made.

Cllr Holder commented that he was gratified by the presentations and the comments made and was satisfied that progress was being made. Cllr Holder stated he had a specific question regarding Cyber Essentials Plus accreditation, however he was happy to raise this with the officer outside the meeting. Copeland Council’s cyber security issues were raised an example that all Councils wanted to avoid. He encouraged all to allow the live tests to occur.

At the conclusion of the debate it was proposed that the Audit and Governance Committee:

·       Note the presentations.

·       Note the need for further work on red risk items.

·       Recommend that Wiltshire Council work towards Cyber Essentials Plus accreditation as a minimum standard.

The officer confirmed that action was being taken on all these items.

Cllr Philip Whitehead, Leader of Wiltshire Council also stated that this was a priority and he had previously had conversations with the officer regarding this, and work was progressing. The importance of our data was highlighted and the support of the Audit and Governance Committee was welcomed and work would be progressed on this issue.

Mr Roberts (SWAP) stated that framework reviews had been undertaken with many of their partners and he was encouraged by Wiltshire Council’s progress.

The Chairman stated that it was important that this should be monitored in the future.

At the conclusion of the debate the motion was voted on and it was;

Resolved:

That the Audit and Governance Committee

·       Note the presentations.

·       Note the need for further work on red risk items.

·       Recommend that Wiltshire Council work towards Cyber Essentials Plus accreditation as a minimum standard.

The meeting was adjourned at 11.55am for a five minute break.