| Key action no. | Action required of | Requirements | Deadline | Page no. action plan |
|---|---|---|---|---|
| 1 | SG, NCRLB, private sector partners<br>SG | - Seek private sector views (including SME sector) on whether there is a case for extending regulatory requirements around cyber resilience more widely across the Scottish private sector.<br>- Communicate findings to UK Government to inform consideration of the need for greater regulation of cyber resilience across whole of UK. | Ongoing basis<br>Ongoing basis | 23 |
| 2 | SG, NCRLB, private sector partners<br>SG, NCRLB, private sector partners | - Consider options for developing a Private Sector Cyber Resilience Framework or Pathway, with a particular focus on unregulated sectors and SMEs. To include:<br>– Work to develop a stronger understanding of core cyber resilience requirements currently encompassed by NCSC schemes and guidance, other common standards and key supply chain policies as they apply to the Scottish private sector (particularly SMEs), and how these relate to progressive levels of cyber risk. | Spring 2019<br>Spring 2019 | 25 |
| 3 | SG, private sector cyber catalysts | - Explore potential for a more joined up, integrated, national-level approach to cyber resilience across the Scottish private sector (and public and third sectors).<br>- Develop and put forward recommendations to the Scottish and/or UK Governments on the basis of this work, and/or align recommendations/proposals with initiatives such as the Can Do Innovation Funding Challenge and the SICSA Cyber Nexus. | Ongoing<br>Ongoing | 27 |
| 4 | SG, NCRLB, NCSC and key private sector partners | - Undertake work to strengthen systems of advice and support and awareness raising activities – initial "target landscape" identified and achieved. | Spring 2019 | 29 |
| 5 | SG and NCRLB<br>SG, NCRLB and private sector cyber catalysts | - Begin work with NCSC and key private sector partners in a Private Sector Cyber Catalyst Working Group, with initial focus on:<br>– strengthening leadership for, and helping drive greater awareness and uptake of good cyber resilient behaviours in, the Scottish SME community, including through the use of supply chain measures;<br>– strengthening coordination and knowledge sharing in respect of cyber resilience across key private sector companies operating in Scotland;<br>– supporting and promoting uptake of key educational initiatives in Scotland, including cyber security apprenticeships; and<br>– helping shape recommendations in respect of the potential for a more joined up, integrated, national-level approach to cyber resilience across the Scottish private sector (and public and third sectors). | From summer 2018<br>Ongoing<br>Ongoing<br>Ongoing<br>Ongoing | 31 |
| 6 | SG, NCRLB and private sector cyber catalysts | - Seek views from the private sector to help inform the development of the draft public sector supply chain cyber security policy in 2018, so that it takes account of existing good practice in the private sector.<br>- Identify current common core supply chain cyber resilience requirements that are placed on SME suppliers in key sectors of the Scottish economy, with a view to improving sectoral guidance for the SME community on what they need to do to strengthen their cyber resilience to position themselves to win contracts.<br>- Building on this analysis, consider the potential for greater cross-sectoral alignment of core supply chain cyber resilience requirements over time.<br>- Building on any such alignment work, explore the potential for cross-sectoral pooling or accessing of information to support supply chain security across Scotland’s strategic companies. | First half of 2018<br>Spring 2019<br>From spring 2019<br>From spring 2019 | 35 |
| 7 | SG/SE<br>SG, NCRLB and key private sector partners | - Continuation of modified voucher scheme for Cyber Essentials<br>- Explore greater use of incentives and put forward for consideration by NCRLB | Autumn 2018<br>By spring 2019 | 37 |
| 8 | SG | - Work with NCRLB, NCSC, CAs/Regulatory bodies and key partners to develop benchmarking, monitoring and evaluation arrangements. | By spring 2019 | 38 |