National Cyber Resilience Advisory Board (NCRAB) minutes: March 2022

Minutes from the National Cyber Resilience Advisory Board (NCRAB) meeting on 8 March 2022.

Attendees and apologies

Board members:

  • David Ferbrache (Chair)
  • Bob Hayes (Vice-Chair)
  • DCC Malcolm Graham (MG)
  • Keith Nicholson (KN)
  • Christian Toon (CT)
  • Louise Macdonald (LM) 
  • David McNeill (DM)

Partial attendance:

  • Gordon McGuinness (GM)
  • (ON)

Also in attendance:

  • Head of Cyber Resilience Unit
  • CRU Public Sector Lead
  • CRU Private Sector Lead
  • CRU Third Sector Lead
  • CRU Learning and Skills Lead
  • CRU Communications and Policy Lead
  • CRU Programme and Policy Lead
  • Programme Manager
  • Secretariat
  • Head of ScotlandIS Cyber – part attendance
  • Digital Economy Specialist, Scottish Enterprise – part attendance


  • David Aspinall (DA)
  • Anne Moises (AM)
  • Helen Nisbet (HN)
  • (DH)
  • Dave McClure (DMC)
  • (RA)

Items and actions

Welcome, minutes and actions

The Chair welcomed the members to the meeting.

Minutes were agreed and action log reviewed.

Conflict of nterest

No conflicts of interest noted.

Cyber threat landscape

ON provided an update on the current global situation and provided a link to advice on actions to take during periods of on heightened risk.

MG reported that there was nothing specific to add in terms of the global situation, but noted a general rise in cyber-enabled and cyber-dependent crime.

MAR22/01: The CRU to follow up on potential of scams involving charitable donations around Ukraine with SG Scams and Third Sector policy teams.

CyberScotland week (CSW)

Head of ScotlandIS Cyber shared some information slides on CSW, but advised that since the week had only just ended data and feedback were still being collated.

This year’s theme was Learning for life online with 89 events scheduled by 59 hosting organisations. 

The majority of events were virtual, with some hybrid and in-person. There was good engagement across Scotland in terms of location - any events which were recorded will be added to the website and be available for viewing throughout the year. Details of social media stats, ministerial events, and photographs will also be included.

The Chair thanked all involved -both organisers and speakers.

Discussion on Scotland’s cyber security industry

Scottish Enterprise’s Digital Economy Specialist introduced and spoke to the tabled paper.

The Chair welcomed views on whether the right support structure for the industry is in place. A wide-ranging discussion followed with points raised including: support and investment for organisations beyond a certain size; potential lack of a forum where the community/industry can connect; the need for connection with other policies and projects (NSET, talent pipelines NSET, CivTech); gender balance in the industry; SG and SE investment; need for specific support for cyber; duplication in start-ups; potential future activities from ScotlandIS.

MAR22/02: CRU Learning and Skills Lead to share data/paper on equalities.

Chair suggested a sub-group to discuss investment. CT, Scottish Enterprise’s Digital Economy Specialist, Head of ScotlandIS Cyber and RA volunteered to be included.

MAR22/03: Head of ScotlandIS Cyber to set up the sub-group and report back on progress at next meeting.

MAR22/04: CRU to consider links with recently launched National Strategy for Economic Transformation (NSET).

UK cyber strategy

The Head of Cyber Resilience Unit advised that the CRU had been working with UK Government on its Cyber Strategy since its development and launch last year and flagged the UK Ecosystem and Cyber Resilience pillars as most relevant; CRU had carried out a detailed mapping process against Scotland’s Strategic Framework and will feed in deliverables to the UKG’s performance framework.

The Head of Cyber Resilience Unit advised that a UK Board, with a similar remit to NCRAB is being set up. 

MAR22/05: CRU to pursue Devolved Administration attendance/involvement at the UK NCAB, if possible.

Cyber Resilience Framework: delivery update

The Head of Cyber Resilience Unit presented an update on the key deliverables of the framework, adding that she welcomed feedback on the pack and presentation. She reiterated that stronger engagement with the public sector is a priority; the interim Progress Report for year one will include an analysis of delivery partners’ progress reports.

The Vice-Chair requested sight of progress of measures in use, highlighting the DFM’s previous request for assurance around the public sector. At a previous meeting it was agreed that the CRU would only report by exception, highlighting progress and bringing any issues to the table if appropriate.

MAR22/06: The CRU to share list of indicators/measures for both high level outcomes and action plan activities.

MAR22/07: The CRU to share an overview of the results of the Public Sector Cyber Resilience Assurance Survey once ready.

Scottish Cyber Coordination Centre (SC3) update

The CRU Programme and Policy Lead presented slides on the overall progress of the SC3, and provided detail on proposed workstreams, a draft organisational structure, key partner organisations, and future governance.  

The Board congratulated the CRU and Police Scotland on progress to date.

MAR22/08: The CRU Programme and Policy Lead to provide details on the potential roles of each key partner organisation as the centre evolves.


The Chair flagged plans for board member refresh. The Chair will be in contact with Board members over the next few weeks to discuss.

LM flagged the need to for a focus on diversity.

MAR22/09: Chair and Head of Cyber Resilience Unit to discuss the status of future Board members.


The next Board meeting will be on 7 June 2022, 09:30 – 14:30.

Back to top