The Scottish Government has published the strategic plan for 2024-2027 for the Scottish Cyber Coordination Centre, outlining the vision for a “digitally resilient nation” and setting out an overview of operating principles, functional structure and service development plans.
NHS National Services Scotland is to be a “core partner” among others such as Public Scotland and Police Scotland, required to “actively contribute to the development of the centre and support service offering”.
The centre is built around five key objectives, the first being to create a data-driven operation capable of tracking, evaluating and actioning security metrics for every public sector organisation in Scotland. It will seek to ensure that public sector organisations remain informed and prepared with regard to current risks; reduce prevalence and remediation timescales of exposed vulnerabilities; increase the level of preparedness for cyber incidents across the public sector; and ensure clear definition, review, adoption and adherence to appropriate standards and practices.
Expanding on this, the operating principles underpinning the centre's work will be insight (prioritising understanding of cyber maturity and resilience, including technical and procedural controls and gaps); scale (developing “high-quality baseline services that can scale up” such as automation and self-service); re-use to avoid duplication; community (prioritising engagement with partners with a strong feedback loop); and agility (focusing on the ability to “quickly and effectively” respond to changing conditions and requirements).
Service development plans include creating a ‘Cyber Observatory’, described as an “internal platform that can ingest, store and process relevant cyber security indicators from all ‘in-scope’ organisations in a structured and dynamic manner”; and developing an “easy to use and intuitive tool” for organisations to record status and compliance. There are plans to roll out a public sector supplier assurance tool, designed to support organisations in conducting due diligence against technology vendors and third parties, and plans for rolling awareness campaigns highlighting key risks to the public sector.
Another key focus will be on incident coordination, with a Major Incident Coordination service to “orchestrate and enhance” response efforts against multi-agency cyber attacks. This will include the formal embedding of the ‘Public Sector Cyber Incident Notification Programme’, which will require public sector organisations to report within a specified timeframe to enable response activities.
Other plans include a “robust, standardised and reusable process and playbook” for best practice; an improved cyber resilience early warning (CREW) mechanism with a self-service feature to enable organisations to opt in or out of CREW notifications by category or theme; a vulnerability management function, capable of delivering “active cyber scanning capabilities, at organisation, domain or IP level”; automated and curated reporting on demand or at regular intervals; and a service for scraping the dark web for news relating to Scottish public sector organisations, along with a service for evaluating and deploying “deception technologies” to monitor attacker interest in this space.
Ultimately, it is hoped that the centre will enable a unified and coordinated approach to cyber resilience, providing specialist services and targeted support and an opportunity to “raise the bar” on national cyber maturity through the use of data-driven insights.