FOI request details

Request

Subject: Cyber Security

Reference: WBC-FOI-00471

As part of a research project into Cyber Security resilience within Local Government in the UK. I would like to understand if the council currently have the below cyber security tools in place. It would also be useful to understand what providers if any currently provide these tools and when any existing contracts are due to expire or to be reviewed.

Web Security/Filtering

Cloud Application Security (CASB)

Email Security

MFA

Security Awareness Training

None Disclosed - 10 February 2023

Request for Information - WBC-FOI-00471 - Cyber Security

I refer to your request for information received on 17 January 2023. Please see the information below in response to your request: -

Your Request:

Web Security/Filtering

Cloud Application Security (CASB)

Email Security

MFA

Security Awareness Training

Our Response:

Please note that Wandsworth Council believes that Section 31 of the Freedom of Information Act 2000 is engaged. Section 31 states that public authorities are not obliged to release information that would be likely to prejudice the functions of law enforcement, namely the prevention and detection of crime. This is due to the inherent risk that publishing details of our digital security infrastructure would create in defending against cyber criminals. Knowledge of which applications or versions are used by the Council will allow threat actors to research, and potentially exploit any vulnerabilities that may exist.

Whilst providing certain high-level information in relation to the Council's cyber defences may appear to be low risk in individual instances, the risk of a potential hacker piecing together information and identifying vulnerabilities is so great, that the Council must exercise extreme caution when considering such disclosures. This is particularly the case in light of the successful attack on Hackney Council in 2020, which was reported to have costed >£12m in the following financial year, not to mention extensive disruption to essential services; several of which involving risk to life. As such, the Council considers the public interest in withholding the requested information to far outweigh any grounds for disclosure.

Councils are actively, and regularly targeted by hackers. The impact of such attacks can be enormous, and organisations can be heavily fined for not taking due care in protecting their systems and the data held on them. Councils provide a wide range of services; the impact of a serious attack could affect thousands of residents.

In line with our duty to provide advice and assistance, under section 16 of the FOI Act, I am pleased to be able to direct you to the Council's Contracts Register, where you will be able to find some details concerning its IT agreements: https://www.richmond.gov.uk/council/how_we_work/how_we_do_business/procurement

In accordance with the Freedom of Information Act 2000, this response acts as a Refusal Notice.

If you are dissatisfied with the information provided in relation to your request, you may make representations to the Information and Transparency Manager. Any such request for an internal review should be made within 40 days from today's date. Correspondence should be addressed to: FOIW@richmondandwandsworth.gov.uk

If you are not content with the outcome of the internal review, you have the right to apply directly to the Information Commissioner for a decision at: https://ico.org.uk/global/contact-us/

Regards,

FOI and DPA Officer

FOIW@richmondandwandsworth.gov.uk

Please note that our responses were accurate to the best of our knowledge at the time of release, and have not subsequently been updated. This information should be considered an historical record only.

My Account

Parking Account

Popular

FOI request details

Request

Response