Scotland’s new Cyber Resilience Framework

Published
2/26/2021

Launched during Cyber Scotland Week, The Strategic Framework for a Cyber Resilient Scotland builds upon the Scottish Government’s first cyber resilience strategy, which was published in 2015, expanding on its achievements and tackling new and ongoing challenges.

Digital technologies are critical to the functioning of society and the economy, and this new Framework recognises that cyber resilience is not simply an ‘IT issue’, but rather the very backbone of the country’s operational resilience and business continuity – and of its capacity to grow and flourish as it adapts to the increasing demands of operating online.

Recent incidents like the ransomware attack on the Scottish Environment Protection Agency (SEPA) have only solidified the need to be able to orchestrate a national response which can rapidly mobilise the support that organisations need to detect, respond to and recover from a major cyberattack. The new Framework also emphasises the need for a secure-by-design approach for the public sector, across the supply chain.

Therefore, Scotland’s pathway to achieving its vision will be cemented by a partnership which will bring the public and private sectors together to help raise cyber resilience awareness, skills and standards, and to foster a collective capability to respond to a major cyber incident.

Indeed, the Framework focuses on 4 outcomes, which are as follows:

1. People recognise cyber threats and are well prepared to manage them.

2. Businesses and organisations recognise the cyber risks and are well prepared to manage them.

3. Digital public services are secure and cyber resilient.

4. National cyber incident response arrangements are effective.

There are a number of cross-cutting enablers which will help realise the Framework’s strategic ambitions. These will ensure consistency of effort and impact across sectors; assist with reporting against specific activities; and provide structure for the public sector, private sector, third sector, and learning and skills action plans which underpin the outcomes. These enablers are:

  • Knowledge of risk and threat
  • Tools, processes, standards, regulations and compliance
  • Learning and skills
  • Incident management, response and recovery
  • Access to cyber security technical expertise
  • Innovation and academic research

The Framework, which will be overseen by the National Cyber Resilience Advisory Board, is not time-bound, but its action plans will run from 2021 to 2023. These will be reviewed annually to monitor progress made, using the strategic indicators set out in Annex D. Furthermore, Scotland’s Framework and the UK Government’s National Cyber Security Strategy are mutually supportive.

A partnership approach

The Cyber Scotland Partnership is a collaboration of key strategic stakeholders – including the Scottish Government, SCVO, NCSC, Police Scotland and Skills Development Scotland – which will help to coordinate efforts to improve Scotland’s cyber resilience and drive the activities which will help to achieve the Framework’s outcomes.

One of the first steps the partnership has taken is to launch CyberScotland.com, which aims to be a one-stop shop for advice, guidance and resources on cyber services, incident response, and cyber skills and careers.
