Scotland enhances its cyber resilience
Image copyright Shutterstock
A newly published refreshed Strategic Framework for a Cyber Resilient Scotland details actions and support to help people, businesses and organisations across Scotland, including local authorities, NHS boards and schools to recognise and prepare for inevitable cyber threats and ensure that Scotland stays ahead of the ever-growing cyber risk.
The Scottish Cyber Coordination Centre’s Cyber Observatory will analyse and share early warnings on cyber threats across the public sector, helping to identify emerging risks so organisations can be more proactive in managing the online threat.
As part of the refresh, the Scottish Government will continue to support take-up of cyber security learning opportunities across schools, colleges and universities. We have also pledged £300,000 to the Upskilling Fund to strengthen the cyber security skills of the public sector workforce.
This Framework details a vision to protect Scotland’s digital infrastructure and security by embedding cyber resilience into the design of systems – safeguarding the critical public services that people across Scotland rely on every day.
Justice Secretary, Angela Constance said: “Digital technology is driving Scotland’s economic growth and shaping our future. That’s why cyber resilience and digital safety are more important than ever.
“We all rely on websites, apps, systems, and data in our daily lives – and while they bring great benefits, we must ensure they are safe and secure to use. Cyber threats are evolving rapidly, and it is our shared responsibility to meet the challenges facing Scotland. The Scottish Cyber Coordination Centre’s Cyber Observatory in particular will be vital in alerting organisations to potential threats.
“This strategic framework promotes essential collaboration across government and sectors. Those partnerships are vital to keep our people, businesses, and services safe – and for building a digitally secure and resilient Scotland.”
Karen Meechan, CEO of ScotlandIS and Chair of the CyberScotland Partnership said: “A cyber resilient Scotland is built on partnership. This framework sets out not just what we need to protect, but how we work together across public, private and third sectors to do it. Our resilience depends on our shared commitment to act, learn and support one another”
David Ferbrache OBE, managing director at Beyond Blue said: “Scotland is leading the way in the UK with its updated cyber resilience framework. As the framework notes, major cyber attacks are no longer an outlier, they are becoming the norm, directly impacting Scotland’s economy, its public services and its citizens. It’s essential the country’s cyber defences and resilience efforts keep pace.
"What really stands out about the framework is Scotland’s recognition of the importance of community collaboration to meet its objectives. The framework lays out how SC3, Police Scotland, the NCSC, the National Cyber Resilience Advisory Board and CyberScotland will work together to collaborate on resilience efforts, track and analyse threats, prevent crimes, coordinate incident response, drive awareness and support victims of crime.
"This is clear recognition that national cyber resilience is a community effort, it can’t be achieved by working in silos. The framework also sets out seven bold outcomes to drive a more resilient nation. Among the seven key steps, there is a focus on ensuring digital public services are cyber resilient and the effective management of cyber risks in public sector organisations. These are vital objectives, however, in practice, these services do not operate in isolation.
"The framework itself acknowledges that Scotland’s digital public services are deeply interconnected with the third sector, which comprises around 46,000 organisations delivering vital support in areas such as health, social care and education. This interdependence presents a significant challenge: while some services clearly fall within the scope of Critical National Infrastructure, many others do not, yet when outages or cyber attacks occur, the impacts can be cascading.
"As we drive for greater accessibility and interconnectedness, we must also recognise that this increases the complexity of building resilience. To establish true resilience in an ever more interconnected world, this requires more than mere awareness; substantial investment and strong leadership are essential.
"Overall, the primary goal must be to ensure that the ambitions of the framework are achieved not only within public services but across the entire ecosystem of organisations we depend on.
"While the framework rightly focuses on security professionals, tooling and technology alone are not enough. The greatest impact will come from boards and leaders in all sectors actively acknowledging and managing these risks and prioritising their own resilience.”
