Freedom of information response

Cyber Security

Publication date: 
Monday 10 February 2020
Request: 

a. Number of employees at the council

b. Web Filtering Provider
Web Filtering License Expiry
Web Filtering Annual Cost

c. E Mail Filtering Provider
Email Filtering License Expiry
E Mail Filtering Annual Cost

d. Cloud Access Security Broker Provider
Cloud Access Security Broker License Expiry
Cloud Access Security Broker Annual Cost

e. Multi Factor Authentication Provider
Multi Factor Authentication License Expiry
Multi Factor Authentication Annual Cost

f. Do you use Office 365?

Response: 

a. In issuing our response the Council has applied S21 of the Freedom of Information Act. This means that the information you have requested is already available elsewhere so is therefore exempt from disclosure. 

The information is available at: https://www.thurrock.gov.uk/foi-responses/council-employees-0

b. Section 31 exemption applies, please see below for further details

c. Section 31 exemption applies, please see below for further details

d. No
N/A
N/A

e. Section 31 exemption applies, please see below for further details

f. Yes

Section 31 Law Enforcement

With regards to Questions b c and e, it is our view that the information should not be released. We have therefore applied the exemption contained in Section 31 - Law Enforcement to this request. Providing the information you have requested could compromise the security of the councils network / data. The reasons for the application of this exemption have been captured below under the public interest test section.

Public Interest Test:

  • Public interest in disclosure:

    • It would inform the public of the security arrangements in place to protect their data and the spend associated with arrangements.

  • Public interest to maintain the exemption:

  • The identification of hardware to ascertain manufacturer/platforms is one of the first things a hacker will perform or look for;

  • Releasing the brand of our Multi Factor Authentication Provider for example will reduce the amount of time an attacker would need to spend trying targeted vulnerabilities, on the basis that they will already know which ones to try;

  • If hackers already have this information then they can skip the above phase, which in turn reduces the likelihood of detection by our security systems.

Based on the above, it is the council’s view that there is a stronger public interest to maintain the use of the exemption for section 31. The key reasons for this is as follows:

The council feels the factors in favour of withholding the information outweigh those in favour of publication. A realistic outcome/consequence of releasing this information would be that the Council would be subject to attack or become increasingly vulnerable to attack. Therefore it is not in the public interest for the Council to make itself vulnerable to a cyber-attack as it is tax payers money that will be used to pay for additional software to increase our protection as well as the cost of repairing damage done during an attack.

Please note this exemption applies to the name of the providers, therefore, if the license expiry date and annual cost details are still required, please contact us.

You are free to use any information supplied to you for your own use, including non-commercial research purposes. However, any other type of re-use, for example, by publishing the information or issuing copies to the public will require the permission of the copyright owner.

Where the copyright is owned by Thurrock Council, you must apply to the Council to re-use the information. Please email information.matters@thurrock.gov.uk if you wish to re-use the information you have been supplied. For information where the copyright is owned by another person or organisation, you must apply to the copyright owner to obtain their permission.

Request reference:
FOI 9713