DfE retains security provider for cyber incident response in £500k deal

Written by Sam Trendall on 25 May 2022 in News

Department signs contract with defence contractor BAE

Credit: Gerd Altmann/Pixabay

The Department for Education has signed a £500,000 deal that will provide around-the-clock on-demand access to cyber experts that can help guide the response to cyberattacks and other incidents.

Newly published procurement information reveals that the DfE entered into a two-year engagement with BAE Systems on 27 April. The contract notice indicates that the defence contractor will provide a “cyber incident management service to provide additional cybersecurity support to the department’s internal networks”.

The text of the contract reveals that the deal includes 100 hours of incident response IR support from analysts each year as part of an “annual retainer”. Additional personnel resources can be added in 50-hour bundles.

BAE will be expected to “provide access to specialist IR analysts from [its] cybersecurity incident response team to support the [department] with the response to cybersecurity incidents 24x7x365, and to assist… with incident-readiness activities”.

Related content

Activities that are likely to form part of the DfE’s response to cyber incidents include analysis of images, emails, network sessions, log data, and malware as well as emergency monitoring to support investigations and advice to guide remediation activities. The contract also covers “forensic investigation… [and] data recovery” and threat-hunting services – which involves “proactively searching through networks and systems to detect and isolate advanced threats that evade existing security solutions”.

The contract also specifies that BAE will assist with technical management during the response to attacks or threats, and also “emergency non-technical consulting support to the organisation's management or executive teams during a cyber incident”.

The supplier may also be asked to advise on the possible attribution of an attack to the responsible parties.

The DfE contract came into effect shortly after publication of two similar deals signed by Whitehall departments seeking to tap into additional cyber resources to support incident response; in March, it was revealed that the Home Office and the Cabinet Office – also with BAE – had awarded retainer contracts.

As part of the first-ever Government Cyber Security Strategy, all government bodies will undergo an audit of their cyber resilience, paymaster general Michael Ellis recently told the PublicTechnology Cyber Security Summit.


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@dodsgroup.com.

Share this page




Please login to post a comment or register for a free account.

Related Articles

‘Top Secret UK eyes only’ – MoD plots new infrastructure for highly classified information
20 February 2023

Facility in south-east England is likely to include private cloud and physical storage

Scottish parliamentarians ‘strongly advised’ to ditch TikTok
21 March 2023

MSPs are issued with advice following consultation with National Cyber Security Centre

Emergency alerts message system launches with nationwide test planned for next month
20 March 2023

SMS alerts initiative has been in the works for five years and was originally slated to launch in October

Government warned over need to protect the metaverse in Online Safety laws
17 March 2023

Campaigners warn that ‘virtual actions are not adequately addressed’ by existing law or pending legislation

Related Sponsored Articles

Digital transformation – a guide for local government
6 March 2023

Digital transformation will play a key role in the future of local government. David Bemrose, Head of Account Strategy for Local Government at Crown Commercial Service (CCS), introduces a new...