10 Oct 2023
by Dr. Andy Lilly

Building resilience in the Public Sector – How secure mobile communications are a key part of the solution

Guest blog by Dr. Andy Lilly, CTO of Armour Comms #techUKCyber2023

With the ever-increasing incidence of cyber attacks, particularly via mobile phones, cyber security is one of the biggest threats to public services, critical national infrastructure (CNI) and citizens’ data. Almost everyone carries a mobile phone, and many of us take for granted the connectivity and convenience they provide.  However, this very convenience also opens up a whole host of risks around data security.  As most personal phones are also used for work communications, that means that business data is at risk too!

When it comes to harnessing technology to provide resilience in the public sector, mobile phones play a key role.  While providing a huge risk to organisations, mobile phones are also part of the solution – so long as they are used in the correct way and that business and personal data is separated and managed on them (e.g. via a Mobile Device Management solution). This is equally true for BYOD devices that are used for business but that the organisation does not manage.  An enterprise secure communications platform can ensure separation between business and personal data, even on BYOD devices.

Independent, trustworthy communications channels

A secure communications platform that runs independently of the mass-use consumer-grade apps that are very often monitored and targeted by hackers and other malicious and state-backed actors, can provide a communications channel when other corporate systems are compromised. This is a critical requirement when first discovering a cyber breach and marshalling a response. Secure calls, video calls and other communications involving sensitive and even classified data CAN be made safely on ordinary mobiles when appropriately secure software is used. 

Indeed in the US’s National Institute of Standards and Technology (NIST) Computer Security Incident Handling Guide (SP800-61) https://csrc.nist.gov/pubs/sp/800/61/r2/final, in Section 3.1.1 Preparing to Handle Incidents it states that “...smartphones are one way to have resilient emergency communication and coordination mechanisms. An organization should have multiple (separate and different) communication and coordination mechanisms in case of failure of one mechanism.” 

Increasing scope of Cyber Assessment Frameworks

To combat the increasing cyber risks, the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) and NIST Cybersecurity Framework (CSF) have both recently increased their scope to cover more scenarios and more industries. Likewise, in the EU the NIS2 Directive (which takes effect from October 2024) has extended the previous NIS 1 regulations.

NCSC CAF and NIST CSF both suggest that groups with key contacts/structure, such as suppliers, law enforcement, internal groups and stakeholders, SOCs, etc. are pre-defined and set up in preparation for when an incident occurs, so that communications can begin immediately on the secure channel. With a built-for-purpose secure communications platform, organisations are able to pre-define the groups for internal and external contacts and integrate them into business continuity processes in the event of a critical incident.

Secure Communications – Beyond Critical Incident Management

There are many other ways in which a secure comms platform can help public sector organisations to increase resilience by supporting compliance with cyber security and assessment frameworks beyond simply providing a safe communications channel in the event of an attack:

  • Incident co-ordination with colleagues, collaborators and third parties
  • Supply chain communications
  • Central user management, for rapid deployment and (just as importantly) one-click revocation of lost or stolen devices, ensuring only authorised users can access your secure communications
  • Identity-based authentication so that users can be sure who they are communicating with (protect against spoofed accounts, identity theft and deepfake scams)
  • Data security for corporate information held on BYOD devices. Features such as Message Burn and remote wipe capabilities mean that the organisation keeps control of data within its secure communications ecosystem, even after it has been sent
  • Resilient communications networks supported by ‘out of band’ channels that do not rely on the public internet so are more robust to attack
  • Response and recovery planning is kept private and secure, so that adversaries cannot monitor plans and progress

In the event of a serious incident on critical infrastructure including a cyber attack, it is crucial for public sector organisations to have an independent, out-of-band communications channel. It is also important that everyone knows how to use the channel, so that if the worst does happen, precious time is not wasted reminding everyone of how they should be communicating (assuming that that is even possible if standard comms channels have been compromised). Given the increasing requirement for using secure communications within government, public sector, CNI and regulated industries, organisations should start investigating suitable solutions sooner rather than later.

For more information visit: www.armourcomms.com or call us on 020 38 37 36 01


techUK’s Cyber Security Week 2023 #techUKCyber2023

The Cyber Programme team are delighted to be hosting our annual Cyber Security Week between 9-13 October.

Click here to read all the insights

Join us for these events!

11 October 2023

Cyber Innovation Den 2023

Central London Conference

Cyber Security Programme

The Cyber Security Programme provides a channel for our industry to engage with commercial and government partners to support growth in this vital sector, which underpins and enables all organisations. The programme brings together industry and government to overcome the joint challenges the sector faces and to pursue key opportunities to ensure the UK remains a leading cyber nation, including on issues such as the developing threat, bridging the skills gap and secure-by-design.

Learn more

Join techUK's Cyber Security SME Forum

Our new group will keep techUK members updated on the latest news and views from across the Cyber security landscape. The group will also spotlight events and engagement opportunities for members to get involved in.

Join here

Cyber Security updates

Sign-up to get the latest updates and opportunities from our Cyber Security programme.

 

 

 

 

Related topics

Authors

Dr. Andy Lilly

Dr. Andy Lilly

CTO, Armour Comms