View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
March 23, 2023updated 24 Mar 2023 9:52am

DWP to automate antiquated threat detection system that relies on Excel spreadsheets

Staff are manually assessing cyberthreats, and the department is upgrading to an automated system.

By Claudia Glover

The UK government’s Department for Work and Pensions is planning to update its antiquated threat detection model by introducing an automated system to spot cyberattacks. Currently, several teams are carrying out vulnerability mapping manually, sharing data via Excel spreadsheets, which can significantly hinder how fast risks are addressed, a contract notice reveals.

DWP releases opportunity for a partner to manage its vulnerability detection automation. (Photo by William Barton/Shutterstock)

The updates are a part of an Adaptive Security Programme (ASP) focused on improving security controls across the department’s digital services, “to reduce the residual risks associated with a cyberattack,” states the tender document, posted on the government’s digital marketplace today.

DWP cybersecurity: a move to automate department threat detection system

DWP is looking for a partner to improve and manage security controls across the department by implementing new, automated vulnerability response. 

The government department purchased a Security Operations Platform from ServiceNow in January 2022 and is planning on extending this via a new vulnerability response (VR) module. 

This should allow the DWP to conduct automated and system-driven monitoring and mitigation for software vulnerabilities, which will considerably improve its vulnerability management capabilities.

The department currently operates its own vulnerability management, scanning for its own vulnerabilities and sharing data sets manually, the notice reveals. 

“Currently, vulnerability management and mitigation is discharged by several teams who share data via various toolsets, Excel spreadsheets and MS Outlook emails,” the opportunity reads. 

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

Vulnerability data, asset and service mapping is “largely manual, and significant time is spent” understanding the department’s risk landscape, continues the document. This has been further complicated due to the DWP’s hybrid working model. “Significant time is spent to arrive at a position where identified vulnerabilities are understood in the context of our hybrid IT Estate,” it says.

The one-year contract will begin immediately. The value has not been disclosed, but Tech Monitor has contacted DWP for further details

DWP’s digital transformation continues

The move to bolster cybersecurity systems used by the DWP  is in line with the department’s ten-year transformation plan. The plan will cost £693m in total and will be funded by the government’s Major Projects Portfolio, a Treasury cash pot which bankrolls complex or expensive infrastructure schemes. 

The plan is expected to save £3.5bn over the next 30 years with £80–90m being realised from 2028/2029, the DWP says.

The security update will be in line with advice published by the UK’s National Cyber Security Centre (NCSC) on vulnerability management. “An effective vulnerability management process will need to rely on automation to ensure that security updates and configuration changes are applied consistently and promptly across your service provider’s infrastructure,” it says.

Interested parties have until 30 March to find out more details about the contract. The deadline for submitting tenders is 6 April.

Read more: Does the UK need a cybersecurity regulator?

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.