Agenda item

To consider Item 9

Minutes:

The Corporate Planning Manager took Members through the six risks being monitored on the Corporate Risk Map. Three risks were being monitored at red RAG status: the funding/savings risk; the staff availability risk, due to the retirement profile and the impact of Covid-19; and the Firefighter Pension Schemes risk, which, following the recent court and tribunal decisions, was being monitored as a separate risk because of the financial and resourcing implications, as well as the potential implications for staff availability. Two risks were being monitored at amber RAG status: the Pandemic Resurgence risk, where everything possible was being done to control and reduce the risk to the workforce and to the public they interact with; and the Information Security Risk.

The Director of Legal and Governance updated Members on the Information Security Risk. Microsoft had released security patches to resolve vulnerabilities in operating systems from Windows 7 onwards; this vulnerability would allow the virus/ransomware WannaCry to run. The ICT team had distributed the patches to all devices within 48 hours. Microsoft had also released urgent security patches to resolve vulnerabilities in the Microsoft Exchange Server. These patches were applied in a pre-booked server maintenance window the following day, and the Authority was now protected from this vulnerability. There had been a notification from the National Cyber Security Centre (NCSC) that a work email address of one of the Authority’s employees had been identified as being in the possession of Qakbot hackers. The ICT team took this notification seriously, not least because it was the first such notification it had received from the NCSC and the ramifications of a ransomware infection were very serious. The ICT team spoke to the identified user and checked with the Authority’s security providers to ensure they offered protection against Qakbot, which they did. After further advice from the NCSC, it was decided that the email address of the user would be deleted and replaced with a new address to ensure the threat had been removed.

A Member asked if Council email addresses could in any way cause problems to the Authority’s email system and was advised that the Head of ICT would be asked to liaise with his counterparts at Buckinghamshire Council and Milton Keynes Council to see what was in place regarding security and firewalls.

The Corporate Planning Manager advised Members that the last risk was the risk associated with the move out of the transitional arrangements with the EU. With the UK’s departure, the risk had now been reduced to a green RAG status. The Authority had not experienced, and did not expect to experience, any material disruption to its operations as a result of this.

A Member asked for an update on where the Authority was regarding correspondence with Government over the level of financial support available and was advised by the Chief Fire Officer that the Chairman had written to all local MPs, and meetings were being arranged to talk about the Authority’s financial position. Once those meetings had taken place, the outcome would be reported back to Members. A meeting with Civil Servants from the Home Office had taken place and the National Fire Chiefs Council had given support concerning the Authority’s financial position. A Civil Servant from the Home Office was going to work closely with the Director of Finance and Assets to look at the financial position moving forward and how it could be changed in terms of the Comprehensive Spending Review next year.

RESOLVED –

1. The status report on identified corporate risks at Annex C be reviewed and approved.

2. Comments be provided to officers for consideration and attention in future updates/reports.
