The Ministry of Justice (MoJ) is working on improving its understanding of its cyber security posture.
It has begun work on a collection of its cyber security logs and an aggregation platform, after identifying that it could not fully understand the cyber situation around its estate because the logs are held in multiple systems and in many cases are hard to query.
In response, it is aiming to develop a single, centralised store of logs that can be queried to help correlate information on attacks and track behaviour by cyber attackers.
The MoJ’s security and privacy team has already created a proposed architecture, based on its Kubernetes cloud hosting environment on AWS and commonly used logging tooling, which has been approved by the technical authorities as the basis for the platform.
It is now running a procurement for support in testing and possibly implementing the suggested architecture over the first quarter of next year. It is aiming to have the platform in an operable state by the end of this period.
The move is part of an effort by the MoJ to update its cyber security capability. In August it indicated that it was working on a new set of policies, standards, guidelines and procedures to strengthen its cyber security. This includes the creation of a ‘stack’ for its digital and technology delivery teams to understand their relevant responsibilities.