CBI Scotland’s cyber security conferences are always of interest to me, not only are they Scottish centric, they provide me, a techie, face to face time with business leaders. This allows me to take the pulse of what they are thinking about in terms of cyber security, what they are wanting from cyber security and more importantly how they want people like me to communicate with them about cyber security. (note: I’m using the word cyber a lot here as it’s used by the CBI a lot..judge them not me.)
This years CBI Scotland Cyber Security Conference, had a little bit more than last year. Amongst the vendors talking about the cyber security risk landscape and how their products are key to helping you reduce that risk (Which I find in many instances can really knock the cost/risk ratio out of whack, but that’s for another time) there was a political VIP in the midst.
The VIP in question was a pretty lofty member of the Scottish Government, namely Deputy First Minister John Swinney. Mr Swinney talked in broad terms about cyber resilience, including how Scotland will make use of a number of UK wide initiatives, in addition to this he had some newsworthy announcements to make.
Developed with help from the NCSC and the private sector the Scottish Government has put together an 11 point action plan for the public sector, there is a view that the public sector is behind the curve when it comes to cyber security so plans like this are a positive sign.
One of the key points of the plan is putting cyber security as a permanent point on all public sector boards agendas. This to me is very smart, having buy in from the very top critical to implementing an effective cyber security strategy, without this cyber security can become nothing more than an “IT problem”, which can then quickly become an IT afterthought, which can then quickly become a serious compromise.
The rest of the points cover the standard, but sensible stuff as well, such as “appropriate implementation of Active Cyber Defence measures” and “membership of Cybersecurity Information Sharing Partnership”.
It’s great to see devolved governments getting involved with this kind of stuff. Time will tell if this is a solid foundation for ensuring Scotland’s cyber resilience or if this is merely an elaborate checkbox exercise, but I’ll try and put scepticism aside and say that this is a positive development from the Scottish Government.
Picture credit (I didn’t take any pics): @CybertonicaLtd