Attendees and apologies
- David Ferbrache (Chair)
- Bob Hayes (Vice Chair)
- Anne Moises (AM)
- Helen Nisbet (HN)
- Deryck Mitchelson (DM)
- George Fraser (GF)
- DCC Malcolm Graham (MG)
- Jordan Schroeder (JS)
- Freha Arshad (FA)
- Natalie Coull (NC)
- David Aspinall (DA)
- Keith Nicholson (KN) via phone
- Head of ScotlandIS Cyber
- Scottish Cyber Coordination Centre (SC3) Data Sharing and Threat Intelligence Management Lead
Also in attendance
- Head of the Cyber Resilience Unit (CRU)
- CRU Public Sector Lead
- CRU Private Sector Lead
- CRU Programme and Policy Lead
- CRU Policy Manager
- CRU Business Support Officer
- David McNeill (DM)
- Dave McClure (DMC)
- Gordon McGuinness (GM)
- Christian Toon (CT)
- David Hartley (DH)
Items and actions
Welcome, minutes and actions
The Chair welcomed members to the meeting. Minutes were approved and action log reviewed.
Conflict of interest
No conflicts of interest noted.
Cyber threat landscape
ON provided an update on the current threat situation from the National Cyber Security Centre's (NCSC) perspective.
MG provided an update on the current threat landscape from a Police Scotland perspective.
SEP22/01: Cyber Resilience Unit (CRU) to work with Police Scotland and NCSC to align cyber security messaging linked to scams related to cost of living crisis.
SEP22/02: ON to look into any research around the impact of the cost of living crisis on the proliferation of attacks and impact on preparedness of organisations.
Update on year 1 strategic framework activities, followed by discussion of future priorities
Head of the CRU spoke to paper 1, with a focus on the public sector action plan.
SEP22/04: CRU to consider elevating the staffing and recruitment risk to very high and opening it as a live issue.
Head of CRU presented Paper 2 which highlighted the breadth of activity that has been delivered by partners during year 1 of the strategic framework. The Board were keen on seeing more analysis of the difference this activity has made. The analysis report is now planned to be published at the end of year 2 of the strategic framework.
SEP22/05: FA to set up working group to examine what activity would impact most on the private sector, in working with the CRU to examine previous activity.
The Chair led a discussion on what the Board thought were the priorities going forward. The Board agreed the following priorities:
- cyber assurance of the public sector
- education and skills – general and growing the skills pipeline
- supply chain cyber security
- procurement processes
- supply chain security
The Board also felt that it was important to demonstrate how cyber resilience underpins wider government priorities.
The Board requested that the scale and complexity of the challenge needs to be set out.
These would be taken into consideration as the CRU prepares next programme of work and will also be referred to when the Board meets the Cabinet Secretary for Justice and Veterans at the next Board meeting.
Update on cyber security industry in Scotland
Head of ScotlandIS Cyber presented a short update on the cyber security industry and key events coming up in Scotland.
Cyber Security Month activity
CRU Policy Manager provided information to members on upcoming cyber events during Cyber Security Month.
SEP22/06: CRU Policy Manager to send members a list of upcoming events.
CRU Programme and Policy Lead summarised project progress and presented future priorities and likely recruitment timescales.
SC3 Data Sharing and Threat Intelligence Management Lead shared information on progress with the intelligence and data sharing workstream.
CRU Private Sector Lead shared information on progress with the incident co-ordination and exercising workstreams.
Any other business
SEP22/05: CRU to follow up with Board members who could assist in moving forward the audit and assurance activity.
The next Board meeting will be on 6 December 2022, 10.00- 14.00. Location to be finalised.
There is a problem
Thanks for your feedback