Action plan for public sector fast-tracked after cyber attack

Ransomware screen grab Image copyright PA
Image caption NHS systems were targeted by cyber-criminals

Measures to help protect public sector bodies against future cyber-attacks are to be stepped up, Scotland's justice secretary has announced.

Michael Matheson said an action plan, which includes the publication of guidelines, was being "accelerated".

It followed an emergency meeting of the Scottish government's National Cyber Resilience leaders' board (NCRLB).

Eleven Scottish health boards were among those targeted by last Friday's global ransomware attack.

NHS National Services and the Scottish Ambulance Service also suffered computer system problems as a result of the virus, known as Wanna Decryptor or WannaCry.

In a statement to the Scottish Parliament, Health secretary Shona Robison, described the global cyber attack as a "wake-up call" and said lessons would be learned.

She confirmed that about 1% of NHS computers in Scotland had been affected, typically in GPs surgeries.

Meanwhile Mr Matheson chaired the NCRLB meeting, where he committed to take forward the public sector action plan.

It includes:

  • Developing a set of guidelines and standards for all public sector bodies to achieve by 2018
  • Support for all 121 public sector organisations to achieve accreditation to the Cyber Essentials standard as a minimum requirement
  • Production of a public awareness strategy

Mr Matheson said: "Today I chaired a meeting of the National Cyber Resilience Leaders' Board which discussed what lessons we can learn from this incident and how we can take forward the publication of an action plan to ensure we are as prepared as possible for future incidents.

"We need to be clear that combating threats of this nature isn't something government can achieve alone. Cyber security is everyone's business and we need to ensure that all organisations have appropriate safeguards in place.

"I would like to thank all NHS staff who have been working hard to make sure the impact of this attack has been effectively managed."

Hugh Aitken, chief executive of CBI Scotland and chairman of the NCRLB, said: "The Scottish government had the vision to put this board in place to design and execute a protection plan for Scotland, covering both public and private sector.

"We aim to have our proposals on taking forward this action plan in front of ministers for their approval by June."

More on this story