As The Stack describes Wales has launched the UK’s first ‘National SOC’, a cybersecurity operations centre not just for one organization, but the whole public sector.
As the Welsh Government explains the SOC service will be managed by Cardiff-based firm, Socura, and will safeguard the data of the majority of the Welsh population, as well as 60,000 employees across the public sector.
It is part of the newly published Cyber Action Plan for Wales, and there are plans under the Cyber Action Plan for Wales for it to be extended to other parts of the public sector.
In Scotland they are also looking to apply this approach. This RFP details how Scotland Excel are looking for a partner who can help implement and monitor a managed security operations centre solution for all of Scottish Local Government. All 32 Scottish councils are currently members of Scotland Excel, and as they updated in this blog the Digital Office, a body for co-ordinating digital transformation across Scottish Local Government, has started assembling a team to formalize the requirements.
This follows on from an earlier procurement where a consortium of Scottish Government agencies sought a collective agreement for Penetration Testing Services.
The Scale of Challenge
There is clearly a compelling need for such a capability. The Scottish public sector has recently been subject to a number of cyber attacks exposing their security weaknesses.
NHS Dumfries and Galloway were targeted in a “focused and ongoing” cyber attack, warning that hackers could have acquired a “significant quantity” of patient and staff data, and released on the dark web by a ransomware group. The authority said it was working with Police Scotland, the National Cyber Security Centre and the Scottish government to handle the attack.
This hack also resulted in stolen data for National Records Scotland, and similarly Western Isles Council will have to pay an estimated £500,000 to restore its systems following a cyber attack last year.
As Holyrood reports Health Secretary Neil Gray said the recent cyber-attack on NHS Dumfries highlights the need for “continued investment” in the cyber capability of the public sector. Ministers have been urged to release details of a cybersecurity audit that took place three months before a Scottish NHS health board was targeted by hackers.
National SOC: Specification
The RFP defines the Specification for a National SOC:
“This solution will be a common platform to provide visibility of security events from multiple sources in both the cloud and on-premises environment of the contracting local authority.
The service will also provide a 24/7/365 monitoring of the platform and will take agreed upon delegated actions within agreed SLAs based on the categorisation of the security event. The solution should be based on M365 technologies that allow source log files to be held within the Local Authority.
It is hoped that the solution will offer a range of benefits for Scotland Excel members including:
- Offering a security solution available to all Scottish councils and potentially other Scottish public sector organisations.
- Help to simplify and accelerate the move to a standard system throughout the councils of Scotland.
- Offering financial economies and operational efficiencies.
- Consistent use of data and sources to help monitor and improve security services across all councils
- Develop a sector wide standard for security solutions.
- Increase the security skills of public sector staff and allow the development of a community of interest with a common platform and language.
- Share skills and learning among the community of interest who adopt the solution.”