Protecting local digital services from cybersecurity threats

cyber-security-cybercrime-cyberspace-hacking-h-2021-04-06-04-38-41-utc

Emma Clement, Senior Consultant, Urban Foresight

23 July 2021

You’ve likely heard the term “cyber threat” in the media, but what exactly are these cyber threats?

A cyber threat is a malicious action or event facilitated by a vulnerability that seeks to damage data, steal data, or disrupt digital life in general. Cyber-attacks include threats like computer viruses, malware, phishing, password attacks, data breaches, and Denial of Service (DoS) attacks.

The threat of cybersecurity incidents has been causing increasing concern for Councils and their citizens. Cyber-attacks have the potential to disrupt the use of digital tools and the delivery of services.

Worries about the potential damage of these incidents and the reputation of those that use affected tools can deter organisations from adopting digital tools.

These concerns are as present in Local Authorities as anywhere else. Newcastle City Council are proactive in overcoming them.

How the Council is protecting itself

The Council has been developing a relationship with the National Cyber Security Centre (NCSC), which is part of the Government Communications Headquarters, the UK Government’s intelligence and security organisation.

Since 2019, NCSC has been developing their understanding of the challenges, opportunities and narratives that guide local authorities and their partners when navigating cybersecurity.

They engaged early with Newcastle to learn about their practices and experiences. The Council’s on-the-ground insight supported NCSC to design a set of Cyber Security Principles.

These principles highlight the key considerations that Councils and their delivery partners need to take when developing and operating their smart city, or Connected Place, architecture.

The principles are split into three sections:

Understanding your connected place
Designing your connected place
Managing your connected place

“The Connected Places Cyber Security Principles highlight the key security issues that are likely to arise throughout the lifecycle of a connected place and give guidance on the considerations necessary to mitigate against and resolve them where they arise,” said David from NCSC.

“We are pleased to see the Council’s work to embed the Principles, and we are working with them to weave the Principles into their standard practices, so they can take an informed approach to managing the cybersecurity of their connected place – allowing the benefits of these technologies and environments to be realised without compromising security.”

Moving Forward

The Council will use these principles to guide decision making on digital maintenance, design, development, procurement and partnerships.

NCSC are on-hand to support the Council with any questions or concerns regarding cybersecurity.

They hosted a virtual workshop with Council staff from different service areas and key delivery partners. NCSC presented the Cyber Security Principles and raised awareness of their support.

“Newcastle is recognised as a smart city – we use technology and data to improve services, make decisions and engage citizens.  But it’s really important that we do this in a way that is safe and secure.  The Connected Places Principles are a helpful way of identifying and understanding risk and ensuring that we’re demonstrating best practice”
Jenny Nelson, the Digital Newcastle Programme Manager at the Council

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wordpress_test_cookie	session	This cookie is used to check if the cookies are enabled on the users' browser.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_204843222_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	16 years 5 months 2 days 12 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
wordpress_ea1e9a6586d19713c7992c3776586b82	past	No description
wordpress_logged_in_ea1e9a6586d19713c7992c3776586b82	past	No description
wordpress_sec_ea1e9a6586d19713c7992c3776586b82	past	No description
wordpresspass_ea1e9a6586d19713c7992c3776586b82	past	No description
wordpressuser_ea1e9a6586d19713c7992c3776586b82	past	No description
wp-postpass_ea1e9a6586d19713c7992c3776586b82	past	No description
wp-settings-0	past	No description
wp-settings-time-0	past	No description

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.

Protecting local digital services from cybersecurity threats

You’ve likely heard the term “cyber threat” in the media, but what exactly are these cyber threats?

How the Council is protecting itself

Moving Forward

Purpose of processing

Data collection

Lawful basis of processing

Data sharing

Rights