Enabling cyber incident collaboration in UK local government through fast-time communication

This paper brings together concepts and ideas to support organisations in implementing cyber incident response and coordination, especially focusing on the need for fast-time communications. Normal business operations are slow-time communication, with the shift to fast-time communication occurring during an operational incident. A good example of fast-time communication is instant messaging as opposed to slow-time e-mail. We are proposing a number of strands to formulate an approach. We realised the standard Playstation 3 theme (P3T) approach applies to fast-time communications and can be augmented to provide a novel application of the P3T. We propose to add governance to ensure that the scope application and use is appropriate, within the scope of a threat profile. We also propose to make use of the consequence relevance acceleration severity and harm (crash) gate framework which facilitates the definition of trigger points for escalation in cyber incident response planning and response. We will present some use cases and explain how to integrate them into existing operating processes and procedures. The temporal activities matrix is discussed, which explains the different slow-time/fast-time activities in a cyber response team/security operations centre (SOC). This paper comes at the end of a three-year work programme for local government in England led by MHCLG which focused on cyber resilience from the ICT side and started to build an approach and capacity within the Local Resilience Forums (LRFs). The work delivered a wide range of workshops and cyber exercises for the English LRFs. There was also a similar programme run by the Welsh Government for the wider public sector in Wales. Finally we explore future research considering an additional application around smart cities, incorporating zero trust architecture.