What steps is the Welsh Government taking to ensure the highest levels of cyber security are in place across public bodies?
The cyber threat is high, and the risks are clear and present for everyone. The Welsh Government’s Cyber Resilience Unit (CRU) does its utmost to provide tools to enhance cyber resilience and mitigate that risk, as part of the Welsh Government’s Cyber Resilience Framework.
The CRU collaborates with the National Cyber Security Centre (NCSC), UK Cabinet Office, UK Home Office and policing to distribute updated cyber security guidance across Wales.
The Unit oversees projects aimed at enhancing cyber resilience in the Welsh public sector. Some of these key projects are illustrated below.
An innovative on-going Cyber Assessment Framework project will ensure all Local Authorities and Fire and Rescue Services in Wales meet NCSC CAF requirements, improving their cyber resilience. Additionally, the Unit has funded cyber breach workshops for Local Authorities to strengthen their cyber incident management plans and response strategies.
The CRU has recently delivered a number of cyber exercises across Wales, allowing Local Authorities, Fire and Rescue Services and the wider public sector organisations to test and refine their cyber incident management plans, using a real-world cyber-attack scenario. This has enabled them to improve their cyber risk management and overall resilience. A series of cyber resilience events for senior managers in these organisations is planned for December and a multi-agency cyber exercise for January 2025.
In conjunction with North Wales Police Cyber Crime Unit, the CRU developed and funded a video, which was aimed originally at the social care sector in Wales following on from the cyber attack on the UK’s NHS 111 system two years ago. Our social care sector was impacted because their IT platforms were switched off as a precaution. This video has now been viewed over 70,000 times and the four police forces in Wales have used it widely as part of their Prevent programme. Many Local Authorities and other public sector bodies have utilised this video as part of their staff training packages. Two further videos are in the final stages of production, based around ransomware and social engineering. These will be made widely available across all organisations in Wales and further afield.
The CRU funded a programme to offer basic cyber awareness training (called “Cyber Ninjas”) to all Local Councillors in Wales. In addition, this training has also been rolled out across the social care sector in Wales by CRU funding allocated to the policing led Wales Cyber Resilience Centre. Two hundred and fifty organisations have been trained in total. The PCSO allocated to deliver this training recently received a prestigious UK National Cyber Award - National Police Chief’s Council Commissioner’s Choice Award.
CymruSOC is a CRU funded innovative, first of its kind service that uses cyber security threat intelligence, known cyber vulnerabilities and behavioural analytics, which is available to all the public sector in Wales. Currently, the Local Authorities and the Fire and Rescue services are being onboarded on to CymruSOC with an aspiration that more organisations will avail themselves of this service. To date, CymruSOC has already prevented many significant cyber incidents and as more organisations get onboarded this figure will increase, giving better cyber security and resilience protection for our public sector bodies. In September this year CymruSOC won the UK Computing Securities Project of the Year award.