The Brent, Lewisham and Southwark IT Committee met on Tuesday 26 November 2024 to review updates on the Shared Technology Service and its cyber security posture. The meeting's agenda included a detailed look at the performance of the Shared Technology Service, alongside a comprehensive update on cyber security threats and mitigation strategies.

Shared Technology Service Update Report

The committee was scheduled to receive an update on the performance of the Shared Technology Service (STS). This report was expected to cover key performance indicators and provide a detailed overview of the service's performance across the three partner councils: Brent, Lewisham, and Southwark. The report was also to include information on ongoing projects and initiatives, such as the migration to O2 for mobile contracts, the completion of the Private Cloud Project, and the progress of the laptop refresh project. Updates on the implementation of Microsoft Intune, the award of the Managed XDR contract, and the tender process for Service Desk Telephone Support were also anticipated.

The report was to detail service level performance, including metrics for Priority 1 (Major Incidents), Priority 2 (Serious Issues), Priority 3 (General Issues), and Priority 4 (Service Requests). It was also to provide information on onsite support, telephony support, and user experience, alongside overall call number statistics and ongoing service improvements. The STS risk register and progress on audits were also to be presented. Furthermore, the report was to outline the Technology Roadmap for 2026 and beyond, alongside updates on various projects including the future laptop refresh, AlwaysOn VPN deployment, network upgrades, and Windows 2012 server upgrades. Procurement updates and individual council digital updates from Brent, Lewisham, and Southwark were also on the agenda. Finally, the report was to cover the Inter Authority Agreement, strategy updates, financial considerations, legal implications, and equity, diversity, and inclusion considerations.

Shared Technology Service Cyber Security Update Report

A significant portion of the meeting was dedicated to a cyber security update for the Shared Technology Service (STS). This report was intended to provide an overview of the current cyber security status, identified threats, and the mitigation strategies being implemented. The report was expected to detail STS's approach to defending against evolving cyber threats, deterring hostile activities, developing a coordinated response to risks, and reacting effectively to any attacks.

The report was to cover the strategy for 2024-2026, outlining plans for future laptop design, the implementation of Microsoft's biometric authentication, and efforts to reduce vulnerabilities. It was also to address the protection against privilege escalation in cloud and on-premise environments. The report was to highlight the importance of cyber security for local governments, detailing the risks associated with cyber-attacks, including financial and reputational damage, and the potential impact on residents. The strategy was to be aligned with the National Cyber Security Centre's principles of Defend, Deter, and Develop, with a focus on asset management, vulnerability identification, and threat analysis. The report was to detail the actions being taken to defend systems, deter adversaries, develop capabilities, and react to incidents, including the implementation of security policies, multi-factor authentication, and regular training for staff and councillors. Success factors for cyber security, including governance processes, risk management frameworks, and incident response plans, were also to be discussed. The roles and responsibilities of various bodies, including the Joint Committee, Joint Management Board, and all council officers and members, in maintaining cyber security were to be clarified.