Neil Gooding 24 March 2020

How does the London Borough of Bexley crack cyber security?

Local councils across the UK face hundreds of millions of cyber-attacks, and as a large London Borough we identified gaps which led us to seek a major change of strategy and significantly raise our level of cyber security.

We had relied on a SIEM tool (Security Incident and Event Management) to manage security. It was particularly weak around log and event management, while difficulties with initial configuration and day-to-day use meant that it wasn’t producing the data that Bexley needed, nor was it being updated.

The tipping point was the result of coinciding Cyber Essentials and PCI DSS (Payment Card Industry Data Security Standard) audit reports, which further highlighted gaps in areas such as intrusion detection and log management.

Our team was flooded with alerts and getting to the point where the old product wasn’t getting used. Although our team would dip into it every now and again, they would be faced with lots of logs that were pretty much meaningless and it was very difficult to drill down to find anything that was of any use. So the only benefit from having the SIEM tool was really to fulfil a tick box; there was little visibility of high priority incidents.

We faced further challenges around budget restrictions, availability of in-house skills and time needed to set up a new system.

Our team always considered that the responsibility for managing cyber security should be owned by the authority and as such was never outsourced. Yet we recognised a major change of strategy was necessary. For us, staff resources were very tight, so it made sense to have experts to set up and manage the tools in order to help maximise our time.

Bexley therefore opted for a managed security service, from Hytec, which sits behind the scenes to guard the Borough against attack. It addresses the very particular set of issues faced by local authorities; significantly enhancing the protection of systems and data, helping achieve compliance requirements and ensuring appropriate security mechanisms are in place.

Our managed security service has five core areas including: activity detection; threat intelligence; protective monitoring; asset ID and management; and vulnerability scanning. Taking a partnership approach to cyber security has significantly raised levels of cyber security, which has proved invaluable.

Our service partner managed the entire council network and we now have access to the same “single pane” one-window view of the security posture of the entire estate. Both Hytec and our internal team also have the same view of the infrastructure and this has improved reporting and strengthened the working relationship.

Through access to a complete service including people, process, technology, intelligence and compliance, we have ensured that our council's security ambitions are realised.

Bexley has strengthened its cyber defenses considerably. For instance, it has been possible to reduce the likelihood of serious security incidents to a minimum. Taking a managed security service approach has supported our in-house ICT team’s incident response procedures and informs them of the necessary corrective actions should an incident occur.

We are also able to check the accounts in use in Bexley, and from other non-UK territories at the same time, there is often a rational explanation for this, but before deployment of the managed security service Bexley had no view of this.

In a recent typical month, there were approximately 18 million possible security events, and from this about 2,000 alarms have been generated of which around six have been escalated via email and other means for further investigation, keeping Bexley cyber-safe.

The security landscape can be a confusing and frustrating area where hidden costs can quickly escalate and IT tools often do not deliver their promised gains. However our experience with a managed security partner has been very different.

Neil Gooding is information security manager at the London Borough of Bexley

For your free daily news bulletin
Highways jobs

Standard Care Broker

Royal Borough of Greenwich
£28,470 - £29,502
You will be working as part of a Brokerage Team. You should have a good understanding of Personalisation/The Care Act and Direct Payments. Greenwich, London (Greater)
Recuriter: Royal Borough of Greenwich

Mental Health Commissioning Manager

Royal Borough of Greenwich
£46,638 - £49,674
It is an exciting time to join Greenwich as part of an Integrated Commissioning Unit for Adults. Greenwich, London (Greater)
Recuriter: Royal Borough of Greenwich

Director (Operations)

Cambridgeshire County Council
£79,467 - £102,014
Reporting directly to the Chief Executive and working closely with elected Members. Cambridgeshire
Recuriter: Cambridgeshire County Council

Administrator/Receptionist - Childrens Centres

Stoke-on-Trent City Council
£20,444 - £22,571
An exciting opportunity has arisen within the Supporting Families Service to work front of house Stoke-on-Trent, Staffordshire
Recuriter: Stoke-on-Trent City Council

Highways Road Worker

Sandwell Metropolitan Borough Council
£21,269- £24,920
An exciting opportunity for a Highways Road Worker has arose based at Taylors Lane, Oldbury. Sandwell, West Midlands
Recuriter: Sandwell Metropolitan Borough Council

Partner Content

Circular highways is a necessity not an aspiration – and it’s within our grasp

Shell is helping power the journey towards a circular paving industry with Shell Bitumen LT R, a new product for roads that uses plastics destined for landfill as part of the additives to make the bitumen.

Support from Effective Energy Group for Local Authorities to Deliver £430m Sustainable Warmth Funded Energy Efficiency Projects

Effective Energy Group is now offering its support to the 40 Local Authorities who have received a share of the £430m to deliver their projects on the ground by surveying properties and installing measures.

Pay.UK – the next step in Bacs’ evolution

Dougie Belmore explains how one of the main interfaces between you and Bacs is about to change.