Secure Connected Places External Advisory Group - minutes 7 March 2023
Updated 8 August 2023
Agenda item 1: Welcome and introductions
1. The Chair welcomed members and gave a brief overview of the agenda.
2. The Chair asked members to declare any conflicts of interest. No conflicts of interest were declared.
Agenda item 2: Minutes and actions from the last meeting
3. Members confirmed that the minutes from the last meeting were an accurate reflection. No changes or additions were requested.
4. The Chair noted that all of the actions from the previous meeting had been completed.
Agenda item 3: Secure Connected Places Alpha Playbook
5. DSIT and the Plexal consortium (the supplier) provided an overview of the Secure Connected Places Alpha Playbook:
- The Plexal Consortium consisted of three companies that were contracted by DSIT to undertake this work: Plexal, Configured Things, and Daintta.
- The Alpha Playbook had been created to support local authorities strengthen the cyber security of their connected places. The Alpha Playbook had been developed following consultation with local authorities who had outlined the potential need for practical resources to complement the implementation of the NCSC’s Connected Places Cyber Security Principles.
- The project began in August 2022, and an open call for local authorities to participate in the creation of the Alpha Playbook was launched in September 2022. The criteria for selection was outlined, and out of which 6 local authorities were selected. Three cohorts were created to pair each local authority with another. These were: Westminster City Council and Merthyr Tydfil Council, Perth and Kinross Council and Bradford City Council, and South London Partnership and Dorset Council.
- In order to create and test the contents of the Alpha Playbook, the project included a series of testing sprints and focus groups, and culminated with exit interviews.
- Four resources were created that covered aspects of governance, procurement, threat analysis, and an overarching introduction to the topic and the NCSC Cyber Security Principles.
- The Alpha Playbook included a number of case studies which showcase the different needs of the local authorities who participated in the project, and how the resources provided the solutions to their diverse challenges. A video had also been created to introduce the Playbook. All resources were created through user testing with the local authorities.
- DSIT offered to hold a separate session for members who were interested in finding out more about the Playbook.
6. Members reflected the following:
- The need to engage the broader local authority community. DSIT noted an awareness campaign would be launched. The campaign would seek additional feedback on the resources.
- The need to integrate standards.
- The need for further adjustments as further guidance and advice is developed.
- The existence of any notable gaps.
- What were the key surprises and takeaways from the project.
- Members and the Chair offered their support in raising awareness of the Alpha Playbook across their networks.
Agenda item 4: Transition to the Department of Science, Innovation and Technology
7. DSIT provided an overview of the recent Machinery of Government (MoG) changes, and the transition from the Department of Digital, Culture, Media and Sport (DCMS):
- The transition had been welcomed by teams across Government.
- It was emphasised that MoG changes take time to be fully implemented, and this would be the same as the new department is established.
- The Government’s plan for DSIT was announced on Monday 6 March by the Prime Minister and the Secretary of State.
- Stronger links were expected to be formed between teams moving from the Department for Business, Energy and Industrial Strategy (BEIS), for example, relating to Cyber-Physical Infrastructure.
8. The Chair noted their interest in how the work of teams formerly in DCMS would link in with the new science and innovation programme as part of the transition.
Agenda item 5: Delivery plan updates
Supplier policy workstream
9. DSIT updated attendees on the following progress:
- Workshops had recently taken place to help inform DSIT’s understanding of the standards landscape, and potential future policy interventions. DSIT offered interested members to participate in a future workshop to discuss these potential interventions.
- DSIT were working alongside the Home Office’s Accelerated Capability to Environment (ACE) to understand how best to engage with SMEs on connected places security guidance.
- Following the publication of the Connected Places Market Analysis research, DSIT were exploring outstanding questions in relation to the performance of the market.
10. Members noted the following:
- Members were keen to continue supporting the work of DSIT, and involving other parts of their membership communities into their discussions.
- The Chair offered to provide links into transport bodies.
Demand policy workstream
11. DSIT updated attendees on the following progress:
- DSIT were focused on raising awareness of the Alpha Playbook, and asked for the Group to support this where possible.
- A literature review was being conducted to explore whether public attitudes impact the security and sustainability of connected places. DSIT offered to share the research with interested members, once published.
- Work was progressing to identify the connected places landscape among non-local authorities across the UK. Key sectors of interest were universities, rail stations, airports, and cultural and sporting venues.
12. Members reflected the following:
- Ports were identified as a non-local authority sector that could be of interest to DSIT.
- The importance of Government mitigating future reactive trends relating to emerging technology that could have negative impacts. DSIT noted the importance of central and local government working together, and to better understand the issues impacting citizens that cause these trends to arise.
International policy workstream
13. DSIT updated attendees on the following progress:
- A number of engagements had taken place with international partners, including Japan and the Republic of Korea.
- Work was progressing on DSIT’s International Evidence Building research project. The key objectives and deliverables from the research were outlined, and DSIT offered to share the outputs with members, once published.
- DSIT had participated at two international conferences, both located in Barcelona, since the last meeting of the Group. The themes of security and resilience were identified as topics of increasing interest at these events.
14. Members reflected the following:
- Individuals that were of potential interest to support DSIT’s International Evidence Building research.
- The impact of Google’s sidewalk labs on the growing importance of security and resilience relating to connected places.
- Future international events of interest to DSIT, including the World Cities Summit and Major Cities of Europe’s (MCE) annual conference.
- SOCITM outlined an ongoing project from MCE focused on developing challenges and best practices for the civic sector. The Chair noted the Group would be very interested to hear more about this from MCE, once complete.
Agenda item 6: DSIT visit to Japan and the Republic of Korea
15. DSIT provided an overview of their recent visit to Japan and the Republic of Korea:
- The visit took place in February 2023. DSIT were part of a wider UK Government delegation.
- The programme of the visit was outlined, which included a series of engagements with industry, national and local governments, and site visits, alongside two cyber dialogues and British Embassy Seoul’s Cyber Week.
- The key headlines from the visit were outlined, including a summary of the maturity of connected places projects, the barriers these projects faced, the approach of both countries to cyber security, the role of government and industry, and the role of the citizen.
- A series of questions were provided by DSIT, and members were encouraged to engage with these following the conclusion of the meeting.
16. Members reflected the following:
- Members were engaged in supporting a case study exploring smart cities development internationally.
- The potential opportunities to link in DSIT’s work on cyber security with the ongoing CPC Innovation Twins project with RoK.
- The increasing interest among local governments to engage with Asia-Pacific partners, and the importance of net-zero as a key driver in this.
17. The Chair emphasised the importance of continuing discussions on DSIT’s visit, and asked members to provide further responses to DSIT’s questions.
Agenda item 7: Any other business.
18. The Chair stated the next meeting was likely to take place in June/July 2023.