博天堂入口政府发布了博天堂入口网络协调中心2024-2027年战略计划, 概述“数字弹性国家”的愿景,并概述运作原则, 职能结构和服务发展计划.
博天堂入口国民医疗服务体系(NHS National Services Scotland)将成为博天堂入口公共部门(Public Scotland)和博天堂入口警察局(Police Scotland)等机构的“核心合作伙伴”, 必须“积极参与中心的发展及提供支援服务”.
该中心围绕五个关键目标建立, 第一个是创建一个数据驱动的操作,能够跟踪和评估博天堂入口每个公共部门组织的行动安全指标. It will seek to ensure that public sector organisations remain informed and prepared with regards to current risks; reduce prevalence and remediation timescales of exposed vulnerabilities; increase the level of preparedness for cyber incidents across the public sector; and ensure clear definition, 审查, 采用和遵守适当的标准和实践.
在此基础上进行扩展, 强调中心工作的运作原则将是洞察力(优先考虑对网络成熟度和弹性的理解), including technical and procedural controls and gaps); scale (developing “high-quality baseline services that can scale up” such as automation and self-service); re-use to avoid duplication; community (prioritising engagement with partners with a strong feedback loop); and agility (focusing on the ability to “quickly and effectively” respond to changing conditions and requirements).
服务发展计划包括建立“网络天文台”, 被描述为“可以摄取的内部平台”, store and process relevant cyber security indicators from all ‘in-scope’ organisations in a structured and dynamic manner”; and developing an “easy to use and intuitive tool” for organisations to record status and compliance. 政府计划推出一个公共部门供应商保证工具, 旨在支持组织对技术供应商和第三方进行尽职调查, 计划开展滚动宣传活动,突出公共部门面临的主要风险.
另一个重点将是事件协调, 设立“重大事件协调服务”,统筹和加强针对多机构网络攻击的应变工作. 这将包括正式嵌入“公共部门网络事件通知计划”。, 哪一项将要求公共部门机构在指定的时间范围内报告,以便开展应对活动.
其他计划包括一个“强健的, standardised and reusable process and playbook” for best practice; an improved cyber resilience early warning (CREW) mechanism with a self-service feature to enable organisations to opt in or out of CREW notifications by category or theme; a vulnerability management function, 能够提供“主动网络扫描能力”, 在组织, domain or IP level”; automated and curated reporting on demand or at regular intervals; and a service for scraping the dark web for news relating to Scottish public sector organisations, 同时还提供了评估和部署“欺骗技术”的服务,以监控攻击者对该领域的兴趣.
最终,希望该中心能够实现统一和协调的网络弹性方法, 提供专业服务和有针对性的支持,以及利用数据驱动的见解“提高”国家网络成熟度的机会.
你可以找到这个策略的全文 在这里.