Welsh local authorities and fire and rescue services will be protected from cyber-attacks in the first scheme of its kind in the UK.
CymruSOC (Security Operations Centre) will help ensure key organisations can continue offering critical services without disruption due to cyber-attacks.
The SOC service, which will be managed by Cardiff-based firm Socura, will safeguard the data of the majority of the Welsh population, as well as 60,000 employees across the public sector.
The project is led by Welsh Government in collaboration with Merthyr Tydfil County Borough Council.
First Minister Vaughan Gething said:
“The challenges people across Wales have faced in recent years due to the pandemic have shown the importance of digital in our lives. It has become central to the way we learn, work, access public services and do business. However, our reliance on digital has also led to a stark increase in the risk of cyber-attacks, which are becoming ever more common and sophisticated.
“CymruSOC is a first of its kind solution with social partnership at its heart – ensuring we take a ‘defend as one’ approach. It’s a vital part of our Cyber Action Plan for Wales, which – one year since its launch – is making good progress to protect public services and strengthen cyber resilience and preparedness.”
The Socura SOC team will monitor for potential threats such as phishing and ransomware from its 24/7 remote SOC.
In conjunction with the National Cyber Security Centre, CymruSOC will also share threat intelligence information to ensure awareness of emerging risks.
CEO of Socura Andy Kays said:
“The CymruSOC is a fantastic initiative, and we feel honoured to play a role in keeping Wales secure.
“By sharing a SOC, and threat intel, across all Welsh local authorities, even the smallest Welsh town will now have the expertise and defences of a large modern enterprise organisation.
“People rely on their local council at every stage of their life. It’s where they register a birth, apply for schools, housing, and marriage licences, which makes them a prized target for financially motivated cybercriminal groups as well as nation state actors seeking to cause disruption to critical infrastructure.
“It is our job to ensure that these critical services remain unaffected by cybercriminals’ attempts to steal data and cause disruption.”
Leader of Merthyr Tydfil County Borough Council Councillor Geraint Thomas said:
“The close collaboration between our council and Welsh Government has been a key factor in the success of this project.
“Merthyr Tydfil’s approach to cyber security has always been innovative so I’m really pleased that, as the contracting authority, we continue to lead this work on behalf of the CymruSOC member bodies, and other Welsh public sector bodies that wish to utilise the CymruSOC going forward.
“It provides some reassurance to the population of Wales that if they use their local authority for any kind of service then CymruSOC will provide additional support and protection to enhance existing cyber security controls”.
The CymruSOC program is scheduled to run for three years, and Socura is onboarding the first member bodies now.
Eighteen of Wales’ 22 local authorities are currently signed up to use CymruSOC. The remaining four are currently utilising their own SOC service.