His Majesty's Revenue and Customs (HMRC) is firming up plans to procure more Security Information and Event Management (Siem) Services as it seeks to enhance its existing Security Operations Center (SOC) Capabilities, According to a Request for Information (RFI) Published this week,
As the UK's tax authority, HMRC is tasked with upholding the integrity of the country's financial systems and ensuring public trust. It serves a broad public sector customer base of more than five million businesses and 45 million individuals, and manages over £ 800bn always financial year. As such, it faces significant and sophisticated cyber security threats on a day-to-day basis.
“This rfi seeks solution and service related information that would be cappeable of enhancing HMRC's SOC Through the Deployment of Advanced Technological Tools and Expertise,” The Departmen SAID in a TENDER NOTICE. “Ideal partners will demonstrate a clear Technological Roadmap Aligned with HMRC's Strategic Needs, Show a Commitment to Effective Communication, and Provide Flexible and Scalable Solns.
“A Strong Focus on long-term collaboration is essential to meet our cyber security objectives, as outlined in the rfi documents, effectively safeguarding Against the constantular Geopolitical and Economic Landscape. “
At their core, siem systems such as the one proposed for HMRC are data agrelgation services that draw information from various sources, ideante anomalies that cold indicate couts threats, as generating alents for Soc Teams or activating other countermeasures. More Advanced Siem Capabilitys Incorporate Elements of User and Entity Behavior Analytics (UEBA) and Security Orchestration, Automation and Response (Soar).
Government Departments Unprepened
In recent weeks, both the Public Accounts Committee (Pac) and National Audit Office (Nao) Have Gone on Record to say that departments Across the British Government appear to be watimally unpreparated for a “Catastrophic” Cyber Attack-Largely as a Result of Over-RESAULIANCECE on the title Systems, a long-cucknowledged issue in government.
Earlier this week, the pac head witness statements from government it leaders who disasseed How Civil Servants Across Westminster Lack Visibility into their IT Systems and The Extension to Whichthi Theyching ARERNERARARARERERE Cyber Attacks.
The Nao Report, Published at the end of January 2025Found That 58 Critical Government IT Systems Had “Significant Gaps” in Cyber Resilience, and that State of Resilience of a a further 228 legacy itstems was essentially unknown.
Besides this Lack of Understanding, The Nao Identified A Lack of Coordination Withn Government that Risks Jeopardising a Joined-UP Approach to cyber sex Departmental Roles and Responsibilites, Including Theose of the National Cyber Security Center (NCSC).
It also warned of a serial skills gap, with roughly a third cyber security roles in government eater vacant or filled by temporary contractors.
Its findings were based off a series of interviews with cabinet office officers who have been tasked with implementing the current Government Cyber Security Strategy: 2022-2030As well as staffers from the NCSC, The Central Digital and Data Office (CDDO), and other Civil Servants Working Around Cyber Security. The nao also sought input from the british library, which fell Victim to a significant ransomware attack in the autumn of 2023.
HMRC's Contract is currently set to begin on 1 December and will run for three years to 30 November 2028. The closing date for the rfi is midday on Friday 27 March. The department has not yet put a value to the contract.