Defra turns to private sector for SOC/Incident Response support

Requests to participate need to be in by March 2

The Department for Environment, Food and Rural Affairs (Defra) has gone to market for a private sector cybersecurity incident response partner, with the ministerial department seeking help “proactively monitoring for cyber risk” via its Cyber Security Operations Centre (SOC).

Defra has over 3,500 staff and oversees 33 agencies and public bodies. It is seeking to protect “existing (and any new) complex IT systems and critical data from increasing cyber risks”, a contract notice reveals, as part of an “effective new cyber security risk management strategy.”

The notice, published December 28 (requests to participate need to be in by March 2), reveals the bid for external expertise to help deploy "appropriate technologies, processes and controls that are designed to protect systems, networks, programs, devices and data from cyber-attacks".

Specifically: "Defra requires a call-off mechanism (process and contract) of 20 days support, so that Defra can rapidly access specialist cyber incident response related expertise. This call-off mechanism will be used to support and augment Defra’s cyber security capabilities, where Defra does not have the appropriate competence or level of expertise."

Earlier government publications note that the NCSC's October 2018 Cyber Assessment Framework (CAF) v2.0 -- designed to support the UK’s implementation of the Network and Information Systems (NIS) Directive -- details indicators of good practice that include threat hunting/"proactive security event discovery". Defra is considered an "operator of essential services" and, as the contract notes, faces "increasing cyber risks".

The capabilities sought are likely, in no small part, a response to this, as well as to the abundantly clear and growing security threats to public sector organisations demonstrated by rampant ransomware attacks in 2020.

An October 2020 blog by a senior Defra security advisor notes that "We have multiple systems in place to filter out unauthorised access to our systems and protect them from malicious content" and points to existing in-house SOC capabilities ("Our SOC monitor these 24x7, report on outputs and advise the incident team, senior managers..."), suggesting the contract is primarily to bolster threat hunting capabilities.

Editor's note: The Stack is keen to hear opinions from IT providers to the public sector on the Cabinet Office's December 15, 2020 green paper on public sector procurement (a consultation closes in March). Have a read here, let us know your thoughts here.
