Credit: Gerd Altmann/Pixabay

The Department for Education has signed a £500,000 deal that will provide around-the-clock on-demand access to cyber experts that can help guide the response to cyberattacks and other incidents.

Newly published procurement information reveals that the DfE entered into a two-year engagement with BAE Systems on 27 April. The contract notice indicates that the defence contractor will provide a “cyber incident management service to provide additional cybersecurity support to the department’s internal networks”.

The text of the contract reveals that the deal includes 100 hours of incident response IR support from analysts each year as part of an “annual retainer”. Additional personnel resources can be added in 50-hour bundles.

BAE will be expected to “provide access to specialist IR analysts from [its] cybersecurity incident response team to support the [department] with the response to cybersecurity incidents 24x7x365, and to assist… with incident-readiness activities”.

Related content

• Government proposes tougher cyber laws for IT outsourcers
• DHSC signs £2m six-month deal to improve ability to ‘respond to recover from a cyberattack’
• ICO examining ‘serious cybersecurity incident’ at FCDO

Activities that are likely to form part of the DfE’s response to cyber incidents include analysis of images, emails, network sessions, log data, and malware as well as emergency monitoring to support investigations and advice to guide remediation activities. The contract also covers “forensic investigation… [and] data recovery” and threat-hunting services – which involves “proactively searching through networks and systems to detect and isolate advanced threats that evade existing security solutions”.

The contract also specifies that BAE will assist with technical management during the response to attacks or threats, and also “emergency non-technical consulting support to the organisation's management or executive teams during a cyber incident”.

The supplier may also be asked to advise on the possible attribution of an attack to the responsible parties.

The DfE contract came into effect shortly after publication of two similar deals signed by Whitehall departments seeking to tap into additional cyber resources to support incident response; in March, it was revealed that the Home Office and the Cabinet Office – also with BAE – had awarded retainer contracts.

As part of the first-ever Government Cyber Security Strategy, all government bodies will undergo an audit of their cyber resilience, paymaster general Michael Ellis recently told the PublicTechnology Cyber Security Summit.