Cyber Resilience

Our goal is for Scotland to have a global reputation for being a secure and cyber resilient nation.

What are the key actions that should now be taken forward, and by whom, to achieve delivery of this objective?

   

Why the contribution is important

Cyber resilience is fundamental to the growth and prosperity of Scotland in a global economy. It is also vital for our national security. Our increasing reliance on digital technologies can make us more vulnerable to the criminals who seek to exploit them for malicious purposes. 'Safe, Secure and Prosperous: A Cyber Resilience Strategy for Scotland' set out a number of steps that we all need to take to minimise the risks, including awareness raising, education and skills development and research and innovation.

by ScottishGovernment on November 03, 2016 at 02:39PM

Current Rating

4.5
Average score : 4.5
Based on : 2 votes

Comments

  • Posted by sroebuck November 14, 2016 at 22:40

    How about hacking summercamps where enthusiastic young adults can use a week of their summer holiday to learn some hacking skills and win prizes for hacking into government and banking systems with the full support (both through encouragement and financial incentive) of the organisations being hacked.
  • Posted by GEvans December 02, 2016 at 01:27

    The Cyber Essentials scheme will make Scotland more resilient if implemented by businesses. A way needs to be found to encourage businesses to participate in the scheme. If voluntary participation is not being effective then it needs to be 'enforced' in some way.
  • Posted by Carolineb December 14, 2016 at 20:20

    We need to ensure that the availability and importance of employment opportunities in this area are highlighted to young people and that suitable education exists to meet this need.
  • Posted by KBG December 15, 2016 at 12:28

    The public are not sufficiently aware of scams relating to telecoms and computers.
    Despite warnings from banks, that they will never directly initiate a contact with you, as an example, people are still being targeted by bogus helplines purporting to represent or in partnership with Microsoft or Apple and allowing them to disrupt their computers. Scam emails are also being delivered that trick people into giving away personal or financial details or cause corruption of their digital device.
    The Government could run stronger public awareness campaigns.
    Secondly, more pressure could be put on ISPs to detect and filter these email messages out before they reach the end-user. Regarding phone calls of a similar nature, the voluntary Telephone Preference Service is widely abused by companies who cold-call and also by overseas companies to whom the TPS does not apply. More strong action is required by government to stop this annoying and possibly abusive and intimidating nuisance.
    If in Scotland we can build a competence in cyber-security, this would indeed be a valuable exportable product to boost the Scottish economy.
    The actual level of cybercrime is not really known. Perhaps requiring companies to report their losses would encourage them to take more precautions as well as giving us a better understanding of the level of the threat.
    Perhaps the Data Protection Act could be strengthened around protection of personal data and of access to control parameters in the case of factors affecting personal medical conditions for example.
    Data back-up is of critical importance to companies of all sizes and, especially for small businesses, lack of their data, eg to fulfil customer orders, take new ones or deal with their suppliers could quicly put a company out of business. People generally do not appreciate the possible disruption that can be caused until they have lost data personally.
    For many people, elderly are one group, the cost of using the internet is a key factor so they tend to opt for internet security packages that may not provide as effective protection as paid-for options. Providing a way to ensure that everyone has the best protection available, for example through the ISP, would help ensure the government’s aspirations can be met.
    Under Awareness Raising and Communication (p20): possibly sharing effective solutions and visibility of the effectiveness of alternative protection solutions would provide additional guidance to everyone choosing an option.
    As a small IT business I, for one, was not aware of SCiNET so this is an example of how the intended communication routes have not been successful.
    Under Education etc (p23): Action 1 could probably go across all sectors. Action 4 could include the private sector. Improved education for members of the general public should be included. Cyber qualifications are a good start and can be promoted in the same way as the Computer Driving Licence was (though a lower level would be more appropriate for the general (home) user).
    Annex A (p36 & 37): Heading needs to be adjusted for correct use in electronic form (as desired in a less-paper society) as barely understandable on 2 vertical screens in contrast to 2 facing pages in a printed A4 booklet.

    Include this definition as not appearing anywhere in the document:
    The Third Sector - comprising community groups, voluntary organisations, charities, social enterprises, co-operatives and individual volunteers - has an important role in helping the Scottish Government achieve its purpose of creating a more successful country with opportunities for all to flourish, through achieving sustainable economic growth.
Log in or register to add comments and rate ideas