On 19th January 2017 iNetwork joined together with Security Lancaster and Lancaster University to host a strategic cyber leadership round table workshop in Manchester Central library.
The workshop was attended by 25 senior leaders from across the North of England representing local authorities, transport, housing and the third/social sector. The thinking behind the day was to bring together regional leaders to explore the strategic and leadership issues regarding cyber security in the landscape of modern public services. The thinking from the leader’s discussions and exercises was captured by facilitators from iNetwork and Lancaster University. The overall aim of this event was to capture the strategic thinking around cyber from a range of public service organisations and use it in a forthcoming report to shape and guide cyber policy across the local public sector.
The day’s workshops were run in a style perfected by Dr Daniel Prince from Lancaster University. Delegates were split into 4 working groups and were asked prior to the event to identify key driving forces behind the cyber agenda in their own organisations. On the day of the event the working groups began by taking part in a consensus building exercise whereby the driving forces they had identified for their individual organisations were reviewed, synthesised and clustered with the driving forces identified by other delegates. Examples of the clustered driving forces identified included: cyber-crime, lack of skilled staff and compliance with new legislation.
The next step in this discovery process was to examine the interactions and cause-effect relationships between driving forces within the defined clusters. This is where we began to see some really useful narratives being developed as the strategic leaders sat together to map the causal issues behind their shared cyber security challenges on a bespoke “Cause and Effect Diagram of Driving Forces”. You can see a snapshot of some of this thought process below.
Once the clusters of driving forces were agreed upon and their interactions and causal relationships had been explored, the next step was to discuss and place the clusters on an impact/predictability axis in order to identify the least predictable driving forces which had the highest impact on organisations in terms of cyber.
With reference to this matrix, the work groups considered and discussed the attributes, opportunities and risks of the best and worst case scenarios for the most impactful driving force clusters.
For example, one group identified the increasing demand for more joined up working and data sharing as a cyber driving force cluster with high impact and low predictability.
The group went on to discuss and rationalise what the probable cyber implications would be in a situation with very high levels of sharing, cooperation and joined up working as well as a situation with very low levels. Both scenarios presented both risks and opportunities when it came to the cyber security agenda.
Finally individuals from the working groups were tasked with identifying two or three opportunities or risks identified within the driving force clusters which were most relevant to their own organisations. Using these, they were asked to develop SMART goals so that we could collectively consider appropriate strategies for addressing the various cyber security challenges. The information captured in individual’s SMART targets can now be used to identify commonalities between everyone in order to start to identify common approaches or objectives.
Additionally to the workshop activities, the day was interspersed with lightening talks from industry experts and regional leaders. Phil Swan from iNetwork GM-Connect gave an introductory talk outlining the key challenges we face and delivering a sobering message about the rapidly growing necessity for service providers in, and connected to, the public sector to recognise cyber security as in the top echelon of their risk priorities.
We also heard Cathy Oldham, Head of Civil Contingencies and Resilience Unit at AGMA, give a fascinating talk about the work of the Greater Manchester resilience forum in coordinating and advising on civil and cyber contingency issues in greater Manchester.Finally we were delighted to welcome Tom Cheesewright from Book of the future giving a somewhat visionary lightening talk on the future of public service provision in a rapidly changing world of technology and interconnectivity.
We expect the final report with the findings from this event and other such workshops to be published in the next few months so be sure to watch this space. Once it is published we may hold a reflection and discussion event to examine the findings and implications together with our infosec and cyber communities. We’ll certainly be discussing the workshop and forthcoming report at out EISS events in the near future, we hop to see you there!