Central department awards £900k contract lasting nine months and enabling officials to tap into open source data insights from the software vendor’s Microsoft Threat Analysis Center facility, PublicTechnology can reveal
The Cabinet Office has signed a six-figure deal with Microsoft to access intelligence on nation state threats – and address what the commercial documents indicate currently represents a government-wide “capability gap”.
PublicTechnology understands that the gap the department wishes to close relates to the ability to share such threat information – both across government agencies and with international allies of the UK. The information that will be gathered via the Microsoft Threat Analysis Center (MTAC) facility is open-source intelligence, which the department believes will be much easier to share in this way, it is understood.
The insights provided by the MTAC unit will include information on various major threats that are directly led or otherwise backed by hostile overseas regimes. This includes both cyber aggression and the orchestrated dissemination of false information.
PublicTechnology understands that the deal with Microsoft is intended to build on other reporting measures that are already in place for such threats – with, again, the open-source nature of the Microsoft intelligence believed to be of key importance.
The text of the Cabinet Office’s contract with the software vendor describes the department’s intent “to procure access to open source insight into state threats-related activity pertaining to the UK and UK interests – in particular mis- and disinformation and cyberattacks – to address a x-HMG (cross-government) capability gap”.
The deal, which was awarded via the G-Cloud 13 framework, runs for an initial term of nine months, covering the period from the beginning of July 2024 to the end of March 2025, and can be extended for two further months “subject to funding”. The engagement is valued at £885,660.
Beyond this, very little further detailed information is available as the document is heavily redacted – even by the standards of government security-related contracts.
Descriptions of the services offered to customers by MTAC are, however, listed on government’s Digital Marketplace platform.
Here, Microsoft says that the facility “evolves cybersecurity – detecting and disrupting threats to Microsoft and its customers globally”. These customers can “gather public data and signals from Microsoft’s ecosystem”, the listing adds.
“MTAC combines proactive and reactive investigations, extending to in-depth threat analysis,” it says. “This aids organisations in countering digital threats and influence campaigns.”
Users of the platform – who pay between £560 and £2,860 a day for access – are able to specify focus areas for threat analysis, including geographic areas, specific actors, online platforms, and languages.
The Microsoft facility can “provide insights on influence trends and methods”, and customers are also able to “use AI for monitoring influence campaigns”.
The benefits offered by this functionality include additional “awareness of threat actors, their motives, techniques, and targets”, as well as greater ability to “evaluate organisational exposure, resilience, and response readiness to threats”.
Senior leaders from MTAC regularly provide public updates on nation-state threats monitored by the unit. Recent online posts cover topics including Russian disinformation campaigns targeted at the French state and Olympic authorities, as well as Moscow-led activities intended to interfere in the US election.
MTAC has already reported that “China is using fake social media accounts to… possibly influence the outcome” of the upcoming presidential poll, in addition to Chinese and North Korean efforts to “pursue new targets while honing cyber capabilities”.
Meanwhile, the fourth of the main quartet of the UK’s cyber adversaries – Iran – has taken steps in recent years to “accelerate its cyber influence operations worldwide”, according to MTAC updates.