Neil Gooding 24 March 2020

How does the London Borough of Bexley crack cyber security?

How does the London Borough of Bexley crack cyber security? image

Local councils across the UK face hundreds of millions of cyber-attacks, and as a large London Borough we identified gaps which led us to seek a major change of strategy and significantly raise our level of cyber security.

We had relied on a SIEM tool (Security Incident and Event Management) to manage security. It was particularly weak around log and event management, while difficulties with initial configuration and day-to-day use meant that it wasn’t producing the data that Bexley needed, nor was it being updated.

The tipping point was the result of coinciding Cyber Essentials and PCI DSS (Payment Card Industry Data Security Standard) audit reports, which further highlighted gaps in areas such as intrusion detection and log management.

Our team was flooded with alerts and getting to the point where the old product wasn’t getting used. Although our team would dip into it every now and again, they would be faced with lots of logs that were pretty much meaningless and it was very difficult to drill down to find anything that was of any use. So the only benefit from having the SIEM tool was really to fulfil a tick box; there was little visibility of high priority incidents.

We faced further challenges around budget restrictions, availability of in-house skills and time needed to set up a new system.

Our team always considered that the responsibility for managing cyber security should be owned by the authority and as such was never outsourced. Yet we recognised a major change of strategy was necessary. For us, staff resources were very tight, so it made sense to have experts to set up and manage the tools in order to help maximise our time.

Bexley therefore opted for a managed security service, from Hytec, which sits behind the scenes to guard the Borough against attack. It addresses the very particular set of issues faced by local authorities; significantly enhancing the protection of systems and data, helping achieve compliance requirements and ensuring appropriate security mechanisms are in place.

Our managed security service has five core areas including: activity detection; threat intelligence; protective monitoring; asset ID and management; and vulnerability scanning. Taking a partnership approach to cyber security has significantly raised levels of cyber security, which has proved invaluable.

Our service partner managed the entire council network and we now have access to the same “single pane” one-window view of the security posture of the entire estate. Both Hytec and our internal team also have the same view of the infrastructure and this has improved reporting and strengthened the working relationship.

Through access to a complete service including people, process, technology, intelligence and compliance, we have ensured that our council's security ambitions are realised.

Bexley has strengthened its cyber defenses considerably. For instance, it has been possible to reduce the likelihood of serious security incidents to a minimum. Taking a managed security service approach has supported our in-house ICT team’s incident response procedures and informs them of the necessary corrective actions should an incident occur.

We are also able to check the accounts in use in Bexley, and from other non-UK territories at the same time, there is often a rational explanation for this, but before deployment of the managed security service Bexley had no view of this.

In a recent typical month, there were approximately 18 million possible security events, and from this about 2,000 alarms have been generated of which around six have been escalated via email and other means for further investigation, keeping Bexley cyber-safe.

The security landscape can be a confusing and frustrating area where hidden costs can quickly escalate and IT tools often do not deliver their promised gains. However our experience with a managed security partner has been very different.

Neil Gooding is information security manager at the London Borough of Bexley

For your free daily news bulletin
Highways jobs

Principal Human Resources Adviser

Royal Borough of Greenwich
£37722 - £40869 per annum
Principal Human Resources Adviser - 1 year Fixed Term ContractRoyal Greenwich is ambitious in its commitment to residents and to service delivery. We' England, London, Woolwich
Recuriter: Royal Borough of Greenwich

Network Architect

Camden London Borough Council
Competitive Salary
The job holder will require a good understanding of security & connectivity practices in the context of Cloud services preferably Microsoft Azure. Camden, London (Greater)
Recuriter: Camden London Borough Council

Transport Development Officer

North Yorkshire County Council
£39,880 - £43,857 per annum
A flexible working offer that allows you to have a true work/life balance. Northallerton, North Yorkshire
Recuriter: North Yorkshire County Council

Recycling Manager

Camden London Borough Council
£41,952 - £48,663
The position sits within the North London Waste Authority’s (NLWA’s) Strategy and Services team, managing... Camden, London (Greater)
Recuriter: Camden London Borough Council

Traffic Management Officer - Carlisle

Cumbria County Council
£31.346 - £32.234
This role involves working within the traffic team liaising with members of the public and councillors agreeing and... Cumbria
Recuriter: Cumbria County Council

Public Property

Latest issue - Public Property News

This issue of Public Property examines how how flexible workspaces can lead the way in regeneration for local authorities, Why local authority intervention is key to successful urban regeneration schemes and if the Government’s challenge of embracing beauty is an opportunity for communities.

The March issue also takes a closer look at Blackburn with Darwen Council's first digital health hub to help people gain control over health and care services.

Register for your free digital issue