Department’s cybersecurity leader urges councils to put electoral staff through cybersecurity training

The cybersecurity leader of the Department for Communities and Local Government has warned that it is “only a matter of time” before an election process is hit by a cyberattack, and urged local authorities to ensure their electoral services teams are prepared for such a threat.

William Barker, head of national cyber security programme – local at DCLG, said that the department has been working with the National Cyber Security Centre (NCSC) to examine the nature of the cyber risk posed to elections and referenda, and how it can be mitigated.

“It is only a matter of time before somebody will try some kind of intervention,” he said. “The NCSC guidance offers the best starting position [for local authorities].”

Addressing attendees at the Socitm Annual Conference in Leicester this week, Barker told local authority IT leaders that their council’s team in charge of elections must be properly prepared.

Related content

• UK hit by more than 30 cyberattacks requiring ‘a cross-government response’ in the last year
• GCHQ unveils cybersecurity playbook after pilot with ‘UK’s most spoofed brand’ HMRC
• DCLG offers up to £118,000 for technology chief to ‘reset’ approach to tech

“How many of you have put your electoral services team through a day’s cyber training? This is fundamental. This is what matters to your councillors and your electors,” he said. “On the [NCSC] website there is a free one-day training to make people aware about cyber. Go back to talk to your head of democratic services… This is one significant step we can take to defend our democracy.”

Barker also claimed that changes to the UK’s local-government structure brought about by the election of metro mayors in a number of UK cities and regions represent a chance to instil a keener focus on cybersecurity issues.

He said: “We are seeing an unprecedented change in the way the structures and systems of public service in this system work. Devolution raises a number of questions – it is creating an opportunity to integrate cyber resilience [from the outset]. The new structures and systems allow us to ask some fundamental questions.” 

Barker added: “A few weeks ago I was with a large devolution area and they were taking cyber very seriously. 18 months ago that wasn’t on the agenda.”