National Cyber Resilience Advisory Board minutes: June 2022

Minutes from the National Cyber Resilience Advisory Board (NCRAB) meeting on 7 June 2022.

Attendees and apologies

Board members

  • David Ferbrache (Chair)
  • Keith Nicholson (KN)
  • Christian Toon (CT)
  • Anne Moises (AM)
  • Helen Nisbet (HN)
  • RA

Partial attendance

  • DH

Also in attendance

  • ON
  • Head of Cyber Resilience Unit (CRU)
  • CRU Public Sector Lead
  • CRU Private Sector Lead
  • CRU Learning and Skills Lead
  • CRU Programme and Policy Lead
  • Secretariat


  • ON
  • David Aspinall (DA)
  • Bob Hayes (Vice-Chair)
  • DCC Malcolm Graham (MG)
  • David McNeill (DM)
  • Dave McClure (DMC)
  • Gordon McGuinness (GM)

Items and actions

Welcome, minutes and actions

The Chair welcomed members to the meeting. Minutes were agreed and action log reviewed. 

JUN22/01: Secretariat to invite the Head of ScotlandIS Cyber to provide a more detailed update of the sub-groups work during Board's meeting in September.

JUN22/02: Cyber Resilience Unit (CRU) to provide the text of the National Strategy for Economic Transformation (NSET) references to cyber. 

Conflict of interest

No conflicts of interest noted.

Update on board membership

The Chair discussed the ongoing recruitment for new Board members, highlighting the number, diversity and quality of applications- nine candidates progressed to interview. The Chair expects to appoint six new members, with a phased on-boarding at the September and December Boards. The Chair will be in touch with existing Board members by the end of June, regarding the end of their terms. 

Cyber threat landscape

ON provided an update on the current threat situation from the National Cyber Security Centre's (NCSC) perspective.

ON also listed new and refreshed NCSC guidance. 

CRU Private Sector Lead provided an update from a Scottish Government perspective and highlighted recent Freedom of Information requests. 

Equalities in industry

CRU Learning and Skills Lead presented key findings from a desk-based collation of available evidence aiming to assist in understanding Scotland's international standing in providing equity of access to careers in cyber security. The report focused on six dimensions - gender, neurodiversity, ethnicity, disability, age and socio-economic background. 

JUN22/03: Board members interested in work around encouraging candidates with neurodiversity into careers in cyber security to contact CRU Learning and Skills Lead.

JUN22/04: CRU Learning and Skills Lead to link in with KN and CT to discuss a workshop currently being planned. 

The Board endorsed the idea of a workshop to consider improving the diversity and equalities within the industry, possibly during Cyber Security Month in October. 

JUN22/05: CRU Learning and Skills Lead to contact Board members with more details of the event for Cyber Security Month. 

Public sector cyber resilience assurance survey- emerging findings

CRU Public Sector Lead presented emerging findings of the survey, setting these out in the context of previous survey results. The Board discussed the emerging trends and risks. 

JUN22/06: CRU Public Sector Lead and the Chair to draft a paragraph presenting the Board's view for inclusion in the submission to Ministers on the survey results. 

Cyber resilience framework delivery update

The Head of the Cyber Resilience Unit presented the latest overall position and highlighted that action planning for 2023 to 2025 will begin in the autumn. 

JUN22/07: ON and the Head of CRU to discuss linking with the NCSC's lead for consultancy on the space sector. 

Learning and skills action plan priorities 2022 to 23, including training action plan for the public sector

CRU Learning and Skills Lead focused on the preparatory work underway to implement a training action plan for the public sector. This would include activity to address the skills and competencies gap at Board level, as well as targeted activity to improve the cyber skills of the general workforce.

Discussion then focused on the talent pipeline, current approaches to recruitment and hiring in the competitive market, the NCSC's Board toolkit, the value of apprenticeships and student placements. Capacity to drive change was noted as a challenge. 

JUN22/08: CRU Learning and Skills Lead to arrange a further discussion for interested Board members before the next Board meeting, and provide an update in September. 

Scottish Cyber Coordination Centre (SC3) update

CRU Pogramme and Policy Lead summarised project progress and presented future priorities and likely recruitment timescales. 

JUN22/09: Secretariat to invite Intelligence and Data Sharing Lead and Vulnerability and Incident Management Lead to provide a short summary of scoping work at September Board. 


The next Board meeting will be on 6 September 2022, 10:00 to 15:00 in Edinburgh. 

Back to top