How one London borough is defending against the dark web
Faced with threats from the dark web, Bexley ramped up its cybersecurity with a managed service. Gill Hitchcock finds out more.
The dark web is notorious for illegal activity. When the London borough of Bexley found that PCs in its public libraries were used to access sites on the dark web, alarm bells rang.
Although the borough runs separate networks for its public libraries and corporate functions, Neil Gooding, Bexley’s information security manager, had considerable fears for both.
“We could see that a lot of malware was hitting the libraries network, where people were going to dodgy, infected sites,” he says. “My concern was that this could start reaching across to the corporate network and then we would have a major problem.”
His response was rapid: “We still want our libraries to be as open as possible, but we have locked down the PCs much more. The filtering has been enhanced so you can’t access dark web sites. There are also warnings to notify people that there is more monitoring.”
Gooding sees the dark web as a threat to local government: “Many local authorities are going into Office 365 or Google for their email accounts and SharePoint. In the 365 and Google world, we are exposed and we see lots of attacks going on all the time. It’s constant.”
Despite protocols and guidance for local government around data handling and sharing, the Local Government Association has expressed concerns about recent cyberattacks.
“Those with criminal or hostile intent will continue to try to breach organisations’ security to steal the data they hold and damage their systems,” it warns.
Meanwhile, freedom of information requests by risk-management specialist Gallagher found that councils reported being hit by more than 263 million cyberattacks in the first half of 2019, averaging 800 attacks per hour.
Bexley, however, has a new weapon in its cybersecurity armoury. For the past year, a managed cybersecurity service has been raising awareness of the risks it faces. Provided by Hytec, this service alerted Gooding to dark web activities on the libraries network.
While Bexley’s infrastructure services, service desk management and business applications are outsourced to Northgate, the in-house ICT team is small. Gooding alone has responsibility for cybersecurity.
He admits that, in the past, it was difficult to fulfil his role because he did not have the “tool set” to do so. For example, the previous security information and event management (SIEM) tool did not meet the standards Bexley needed.
“It was there purely to tick a box to say, ‘yes we have one of these tools’, but gave no real visibility of what was going on around our networks,” Gooding says.
The tipping point came with coinciding Cyber Essentials and Payment Card Industry Data Security Standard audit reports in 2019. Both of these showed that Bexley had significant gaps in areas such as intrusion detection and log management.
As part of the managed service, however, Hytec uses AlienVault. The platform combines SIEM and log-management functionality with security tools, including asset discovery, vulnerability assessment and intrusion detection.
The managed service also means the council is aware of sites on the dark web which keep council email addresses and passwords.
“We have a dark web monitoring piece where you put in your domain and it will trawl to see if there are any sites which hold, for example, Bexley.gov.uk email addresses,” says Gooding.
“This is limited in what it does, but it alerts us if it finds an email address on certain dark web sites. We have found that some of the accounts no longer exist, or use made-up names. But we have had instances where an address has been legitimate.”
In response, Bexley has implemented facial recognition software instead of passwords. If the biometric option does not work, then staff are required to use two-factor authentication.
The managed service also highlighted the vulnerabilities of a device management portal shared by the council and Northgate. Gooding explains: “Not long after the AlienVault solution from Hytec came in, we got alerts showing that the portal was getting attacked – lots.
“Particularly, being exposed in a way that someone got onto that system and was trying to install malware. We knew we had to do something about this straightaway and it equipped me to go back to the business and say, ‘we need to shut this down now; it is not an essential service, and the risk to the organisation is too great’.”
Councils represent prime targets for cyberattacks because of the significant amounts of personal data they hold. These attacks can be costly. According to Gallagher, the average successful cyberattack on a council results in costs of £430,000, a bill ultimately paid by taxpayers.
Gooding says there is a fine balance between investing in security and ensuring your organisation runs effectively: “I could spend an unlimited budget on security tools and create such a locked-down environment that it would not be workable.”
While reluctant to disclose the cost of the Hytec arrangement, he says: “Here at Bexley, we have held money back for security. Other authorities have come and asked what we are doing and said they just don’t have the budget for it. So, they are making do with solutions that are inadequate.”
His advice for other councils is to seriously consider managed security service offerings. If, as at Bexley, cybersecurity staff resources are tight, it makes sense for external experts to set up and manage the right tools. For one thing, it prevents misconfiguration, which could mean missing important alerts.
Gooding urges councils to attend their local Warning and Reporting Point meetings. Here, members can receive and share up-to-date advice on information security threats. He is keen on the Information Security for London forum, describing it as an invaluable resource.
And it is important that when organisations like the Local Government Association and National Cyber Security Centre ask for information, councils make sure they provide it. He says the government has money to help local authorities with cybersecurity. Bexley has received funding on a number of occasions – just because it responded when asked.
“A lot of organisations have a basic log and monitoring tool in place, just as a tick-box exercise,” says Gooding. “Without being informed about what is going on, you could be open to all sorts of problems. The risks are huge.”