Essex County Fire & Rescue Services acquires platform for PSN compliance
Service piloting BYOD and taking steps to enable flexible working
Essex County Fire & Rescue Service (ECFRS) has purchased an integrated log management and security system in order to help achieve the regulatory compliance necessary to access the Public Services Network (PSN).
The Security Information and Event Management (SIEM) platform, which was developed by security information and event management firm LogRhythm, is expected to help ECFRS develop its wider IT estate, including the ongoing deployment of a new virtual desktop infrastructure, with individual log-ins for fire fighters.
The platform is intended to improve situational awareness, cyber security and operational efficiency. In addition, the SIEM solution adheres to government regulations which specify that, in order to access the PSN, network traffic must be monitored continuously in order to identify unusual or suspicious behaviour.
According to Chris Massie, ECFRS ICT Security Officer, the platform, which was installed at the end of September 2012, is not only being used for security and events. He said, "It's been used quite extensively for troubleshooting operational issues and monitoring. We had quite a good experience of that last week.
"We were doing some DR [disaster recovery] testing and a couple of issues arose. However, we were able to use LogRhythm to pinpoint the root causes of the issues, and it was actually related to our DNS [Domain Name System]. The management and security aspects of the platform mean we can fix operational issues quite easily."
Massie added, "On the security side, we've had some penetration testing done and again, it provided us with a good platform for keeping tabs on what our penetration testers were doing and alerted us when they were trying to hack into computer accounts.
"So, we took the view with our penetration test that we wanted to give them as much of a foot up into our environment as possible and test not only the strength of our systems but also the monitoring and recording systems. When we were setting up the penetration testing, it didn't occur to me we'd be able to testing monitoring too, but it's a happy consequence."
ECFRS is also using the platform to improve its IT security procedures and operational efficiency. The platform will be used in the operation of its new control room, from which all emergency requests and 999 calls are to be managed.
Before switching to the new SIEM solution, ECFRS used a log management platform that would have needed extensive changes to provide the level of protective monitoring necessary to comply with CESG's Good Practice Guide 13 and PSN.
ECFRS has 50 fire stations across 14 local authority areas, and supports an area covering 400,000 hectares with a population of more than 1.5m, making it one of the largest County fire services in the UK.
Regarding the PSN compliance element of the contract, Massie said, "This provides us with a big step in the right direction. It helps us have both internal and external assurance that we've set up good policies and procedures."
He continued, "The fire service is really embracing its use of ICT and we've certainly seen a big shift. Last year, we spent time looking at how IT services are delivered to the desktop in the fire service VDI in order to provide strong, effective services to the fire stations. This helps the fire fighters to continue professional development and more effectively use IT and have better IT practices.
"Rather than having secure information floating about on encrypted memory sticks, we can now leave the information on the system and access it either internally or remotely."
Massie added, "Working flexibly is a big part of business continuity in re-locating our control room. A lot of what we do can be done through remote access; not only support functions but even operational stuff. A lot of our fire fighters are part-time, so remote access gives them the ability to access systems without having to be onsite."
Regarding plans for the year ahead, Massie said that the service is currently three weeks into a BYOD pilot. He said, "Of course there are challenges around ownership and obligations, particularly the legal implication of ownership. For us, during the pilot, the onus is very much on the user of the device. We are not ready to switch off our BlackBerries yet, but it is useful to have an alternative there."