The Ministry of Housing, Communities and Local Government (MHCLG) just rolled out a Cyber Assessment Framework (CAF) aimed specifically at local government bodies across the UK. This new framework builds on the National Cyber Security Centre’s existing CAF, providing local authorities with practical guidance and support.
MHCLG highlighted that the framework sets a clear cybersecurity standard for local governments, which face numerous cyber threats like other public sector entities. Past incidents, such as the Pysa ransomware attack on Hackney Council in October 2020, demonstrate the potential disruptions to essential services like housing, affecting daily life for residents and leading to hefty costs and regulatory challenges.
With this enhanced CAF, local governments can better assess and address vulnerabilities that could expose them to cyber attacks. Key steps in the framework include pinpointing critical systems, conducting self-assessments, undergoing independent reviews, and crafting plans to bolster security.
Ben Cheetham, deputy director of digital at MHCLG, stated that this launch signals a shift in focus towards long-term security for local councils. “We’ve been helping councils fix serious vulnerabilities, but now it’s time to enhance their overall cyber resilience,” he explained.
Cheetham emphasized that the CAF encourages a collaborative approach, breaking the notion that cybersecurity is just an IT issue. “This shift is crucial to protecting vital services as threats continue to evolve.”
The first two phases of the CAF—identifying critical systems and self-assessments—are already live, with further stages coming soon. The full rollout is expected by spring 2025, as MHCLG gathers insights from pilot programs. They noted that participation in the CAF is voluntary and can align with other standards like the NCSC’s Cyber Essentials scheme.