Friday, March 14, 2025

HMRC Aims to Enhance Security Operations Center with Advanced SIEM Technology

HMRC is stepping up its game by looking to enhance its Security Operations Centre (SOC) capabilities with new security information and event management (SIEM) services. They recently published a request for information (RFI) outlining what they want from potential partners.

As the UK’s tax authority, HMRC is responsible for maintaining the integrity of the nation’s financial systems and ensuring that people trust them. They deal with over five million businesses and 45 million individuals, managing more than £800 billion each year. Given this vast responsibility, they face constant threats from sophisticated cyber attacks.

In the RFI, HMRC emphasizes the need for solutions that boost their SOC. They want advanced technologies and skilled expertise that align with their strategic goals. They’re looking for partners who can communicate well and provide flexible, scalable solutions. Long-term collaboration matters because of the ever-evolving cyber security landscape.

SIEM systems like the one HMRC is considering gather data from multiple sources, spot anomalies that could signal cyber threats, and act accordingly—like alerting SOC teams or triggering countermeasures. The more advanced options include user and entity behavior analytics (UEBA) and security orchestration, automation, and response (SOAR).

Recent reports from the Public Accounts Committee (PAC) and the National Audit Office (NAO) paint a troubling picture of the UK government’s cyber readiness. They say many departments are not ready for a serious cyber attack, mainly due to reliance on outdated IT systems.

Just this week, the PAC heard from IT leaders who noted that civil servants lack visibility into their IT systems and don’t fully understand their vulnerability to cyber threats. The NAO’s January report highlighted that 58 critical government IT systems have major gaps in cyber resilience. They also flagged that the status of another 228 legacy systems is mostly unknown.

Coordination is another concern. According to the NAO, the government struggles to take a cohesive approach to cyber security, with confusion over departmental roles complicating efforts to protect sensitive information. There’s also a significant skills gap, with around one-third of cyber security positions either vacant or held by temporary staff.

These insights come from interviews with officials working on the Government Cyber Security Strategy: 2022-2030, along with input from the National Cyber Security Centre (NCSC) and staff from other agencies involved in cyber security. The NAO even consulted with the British Library, which faced a major ransomware attack last fall.

As for HMRC, their new contract is set to kick off on December 1 and will last for three years, ending on November 30, 2028. The deadline for the RFI submission is midday on March 27, and they haven’t disclosed a financial value for the contract yet.