Central Bedfordshire Council (CBC) is a unitary council which provides over a hundred services to a quarter of a million people and is responsible for schools, social services, rubbish collection, roads, planning, leisure centres, libraries, care homes and more. The citizens’ data that the council holds and protects is of the utmost importance to it. Like many councils, CBC is transforming itself, with a focus on increased mobilisation of its teams, improving the services it provides and reducing costs by moving to the cloud.
CBC knew that, with cyber-attacks growing across the UK, the question of a security incident had moved over the years from “if” to “when”. CBC had security in place, but with a growing threat, were its defences good enough?
CBC had been making steps forward over the past five years, with a focus on information governance and improved vulnerability management (utilising an in-house team and Nessus). CBC had also procured a SIEM system in 2012/13, which provided a log of some systems within CBC.
When reviewing several high-profile incidents, they discovered that the issues were greatly compounded by their late discovery. It was clear that the existing SIEM system provided only a small part, not the whole, of the required security management regime. CBC needed a new approach to cybersecurity to protect against the growing threat.
Central Bedfordshire reviewed their options. It was clear that their software was not delivering the required results and internally they lacked the bandwidth to give the task the focus it needed. Although CBC was security-aware, job posts did not exist to focus solely on cybersecurity. They understood that there would be a need for both new tools and for multiple posts to provide the coverage needed for an appropriate security service.
They reviewed the sector to see what other solutions were available. While there were lots of different software tools and different managed security providers available, the majority of them were unsuitable for the unique requirements of a council.
CBC spoke with Hytec about its Managed Security Service offering to enhance their security. Hytec had been working with CBC since 2014 on Information Governance, PSN and N3 compliance, security by design for new architecture, and governance aspects of moving to the cloud. Hytec’s work had always been high quality and CBC saw them as a trusted partner.
“Hytec has the right mix of skills and tools to ensure we have an appropriate level of cybersecurity.”
Emel Morris, CIO, Central Bedfordshire Council
Hytec had spent three years assessing the requirements of local government cybersecurity in developing their Managed Security Service. Hytec’s Managed Security Service offers a best-of-breed Unified Security Management solution. Hytec has reviewed and trialled available security technology to identify which is the most appropriate for the business requirements and threat environment in local authorities. The Hytec Managed Security Service uses this technology, which its specialist security operatives utilise to maximise the protection and benefit to the Council.
Delivery of the Managed Security Service
Hytec was commissioned to provide the Hytec Managed Security Service to CBC in April 2018. The same month, the sensors were deployed in the two main data centres and the service commenced.
“We quickly derived more benefit from the Hytec service than we got from the pure SIEM system we had deployed for several years”.
Bernard Sykes, Operations and Networks manager at Central Bedfordshire Council
A phased delivery plan was agreed; CBC had a data centre technical refresh programme underway, and it was decided to introduce “security by design” for the new infrastructure, rather than re-engineer legacy systems that were due for replacement. This process has progressed well, and most of the estate is currently within the scope of the Managed Security Service.
Real benefits have been obtained from the system to date, including the tuning of the council’s remote working systems. The Hytec service has collated information from firewalls, Okta, MobileIron and F5 services to gain a holistic view of the situation and to support the identification and correction of compliance issues. The Threat and Vulnerability Management System is providing real-time information regarding vulnerabilities within the estate; this is collated with real-time threat feeds from Open Threat eXchange, asset information, and security events to provide holistic and contextualised security information.
The result of the deployment of the Hytec service to date has been the suppression of vulnerabilities and incidents. Although Hytec detects many security events per day, only events of real consequence are reported to CBC. This is typically fewer than 10 per day, and the number is decreasing as the security posture improves.
Hytec continues to work as a trusted partner of Central Bedfordshire, providing the Managed Security Service and other critical information governance guidance.
Emel Morris, CIO, Central Bedfordshire Council commented about the partnership.