We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Collection

Scottish Cyber Coordination Centre (SC3)

Directorate
Digital Directorate
Topic
Business, industry and innovation

The Scottish Cyber Coordination Centre (SC3) is the focal point for Scotland’s cyber security and resilience.

Introduction

The Scottish Cyber Coordination Centre (SC3) is the focal point for Scotland’s cyber security and resilience, providing services to help protect against cyber incidents while promoting adherence to appropriate standards and best practices across critical functions and infrastructure. It supports the delivery of The strategic framework for a cyber resilient Scotland

Note: This webpage is for general information about SC3 and guidance, and not for reporting cyber incidents.

SC3 will take cyber incident reports from Scottish public sector organisations as part of the Scottish public sector incident notification procedure. For all other organisations we encourage reporting of a cyber security incident to the National Cyber Security Centre (NCSC) and to Police Scotland.

Strategic plan

We published our strategic plan 2024 to 2027 in September 2024. It provides an overview of SC3’s operating principles, functional structure, and service development plans to support the mission and objectives of the Scottish Cyber Coordination Centre.

Our work is structured into five workstreams:

  • incident coordination
  • threat intelligence
  • cyber exercising
  • vulnerability management
  • standards and insights

Incident coordination

The ability to co-ordinate multi-agency incident response with speed and consistency is key to the successful handling of serious, national-level and multi-impact cyber incidents. This workstream is about supporting victim organisations to manage and recover from a cyber incident and communicate key information to other stakeholders if required.

SC3 works closely with National Cyber Security Centre ( NCSC) and Police Scotland to support organisations in dealing with significant cyber incidents by bringing external expertise to incident management teams through its multi-agency coordination process. In doing so the SC3 provides a 24/7/365 on call support.

Supporting resources:

Threat intelligence

Relevant and actionable information on threats, vulnerabilities and malicious actors, contributes to pragmatic risk assessments for organisations and can support effective response and mitigations to changing environments and circumstances. SC3 supports improving access to and sharing valuable cyber threat intelligence.

Supporting resources:

SC3 threat reports are available to subscribers at Cyberscotland.com.

These include:

  • daily threat bulletin
  • weekly vulnerability report
  • monthly ransomware report

The Scottish public sector is encouraged to improve automated threat intelligence sharing through joining the CyberShield Malware Information Sharing Platform (MISP). To learn more about MISP contact SC3@gov.scot.

Cyber exercising

This workstream focusses on assisting and encouraging organisations’ preparedness through exercising against the most common cyber attack scenarios and testing cyber incident response plans to improve organisational preparedness.

SC3 is developing a cadre of trained staff across the Scottish public sector to enhance cyber exercising resilience and support increased cyber exercising.

 Cyber exercising resources:

Vulnerability management

Recognising that the exploitation of known vulnerabilities is a common attack vector for hostile actors, assisting organisations with their own vulnerability management activities is another core function of SC3. This workstream is about issuing timely and relevant alerts to organisations about the latest vulnerabilities.

The latest SC3 vulnerability coordination procedure is linked below:

Standards and insights

This workstream aims to better understand the public sector’s cyber resilience posture while setting proportionate security expectations. 

Cyber observatory

The Standards & Insights workstream uses data from the Scottish Public Sector to improve cyber resilience. Responses to our Cyber Resilience Assessment (CRA), delivered through our new Cyber Observatory, help SC3 strengthen the support, advice and services we offer.

The workstream’s research projects on lessons learned from incidents - so far focused on MFA and Legacy - feed into case studies, best practices, and strategic interventions. These will support the sector’s transition to the Cyber Assessment Framework.

Guidance, good practice, and reporting procedures publications

Contact

Email: SC3@gov.scot 
Tel: 0300 244 9700

Back to top