Internet Security and Networks – 16131

< Back

A request for information about Internet Security and Networks.

Ref: FOI/16131

RE: FREEDOM OF INFORMATION ACT 2000 REQUEST

I am writing to confirm that the West Midlands Fire Service has now completed its search for the information you requested on 18th October 2016.

Please find below a summary of our findings.

Request

  1. Standard Firewall (Network) – Firewall service protects your corporate Network from unauthorised access and other Internet security threats
  2. Intrusion Detection – network intrusion detections systems(IDS) and network intrusion prevention systems (IPS) services that detect Web application attacks and include anomaly-awareness in addition to handling older threats that haven’t disappeared.
  3. Web Applications Firewall – A Web application firewall (WAF) is a firewall that monitors, filters or blocks the HTTP traffic to and from a Web application.
  4. Threat Monitoring – organizations and security analysts to identify and protect against security threats.
  5. Anti-virus Software Application – Anti-virus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.
  6. Encryption Facilities – s a host based software solution designed to encrypt sensitive data before transferring it to tape for archival purposes or business partner exchange.

Reply

As a major emergency service provider, you will appreciate that we must ensure that our ICT Security Systems are appropriately protected. Releasing detailed information about our IT systems and infrastructure in response to your request and other similar requests under Freedom of Information has wider implications that we must consider.  By this we mean that disclosing this information may prejudice our ability to maintain our own and national security. We believe that maintaining security and ensuring public safety in a national and local context takes precedence over this request.

We accept that this type of information is of interest to commercial companies and to researchers but believe that it is not in the greater public good to release detailed information.

We do not imply that release of this information alone would necessarily be immediately detrimental, but taken with other information we consider that it could have an adverse effect on our capability, effectiveness and security. Given the current security climate in the UK we recognise the necessity to take a precautionary approach. In this situation we have also taken account of whether the release of this information, could, if put together with other available information, cause damage. After consideration we concluded that this type of information cannot be divorced from its context and looked at in isolation. In some circumstances, releasing this information could give rise to prejudice that would not otherwise have existed, because, taken together with other information requested, it could disclose a composite of information which is more sensitive than its individual parts taken separately.

We are therefore refusing your request under several Freedom of Information exemptions, s24 National Security, s36 Effective conduct of public affairs, s44 Prohibition on Disclosure.

In taking this decision we have taken note of the Centre for Protecting the National Infrastructure Guidance on disclosure of sensitive information, which states

“…. that national security is paramount and should be considered carefully in any government or commercial decision to release or disseminate information to the public”.

This guidance continues to state that careful consideration must be given before disclosing ‘precise information which exposes an organisation’s information or process control systems to the threat of electronic attack’.

Some of these exemptions are subject to the public interest test. This means that we must consider whether the public interest in releasing the information outweighs the public interest in refusing to disclose. We have considered that it is in the interest of the majority of the public to protect our systems from potential harm, in order to support us to ensure public safety. We have also decided that the likelihood of damage to our systems need not be immediate as the impact would, in an emergency situation, be potentially serious.

We also considered whether release of this information is in the public interest in terms of explaining our decisions, ensuring accountability, or providing transparency into our handling of public finances. We have concluded that the detail of this information is not necessary to meet the public interest or reassure public concerns. As a result, we have decided that the public interest is better served by not disclosing this detailed information.”

Reques

For each of the different types of cyber security services can you please provide me with:

  1. Who is the existing supplier for this contract?
  2. What does the organisation spend for each of contract?
  3. What is the description of the services provided for each contract?
  4. What is the expiry date of each contract?
  5. What is the start date of each contract?
  6. What is the contract duration of contract?
  7. What is the hardware brand? If available.
  8. What is the software brand? If available?

Reply

As a major emergency service provider, you will appreciate that we must ensure that our ICT Security Systems are appropriately protected. Releasing detailed information about our IT systems and infrastructure in response to your request and other similar requests under Freedom of Information has wider implications that we must consider.  By this we mean that disclosing this information may prejudice our ability to maintain our own and national security. We believe that maintaining security and ensuring public safety in a national and local context takes precedence over this request.

We accept that this type of information is of interest to commercial companies and to researchers but believe that it is not in the greater public good to release detailed information.

We do not imply that release of this information alone would necessarily be immediately detrimental, but taken with other information we consider that it could have an adverse effect on our capability, effectiveness and security. Given the current security climate in the UK we recognise the necessity to take a precautionary approach. In this situation we have also taken account of whether the release of this information, could, if put together with other available information, cause damage. After consideration we concluded that this type of information cannot be divorced from its context and looked at in isolation. In some circumstances, releasing this information could give rise to prejudice that would not otherwise have existed, because, taken together with other information requested, it could disclose a composite of information which is more sensitive than its individual parts taken separately.

We are therefore refusing your request under several Freedom of Information exemptions, s24 National Security, s36 Effective conduct of public affairs, s44 Prohibition on Disclosure.

In taking this decision we have taken note of the Centre for Protecting the National Infrastructure Guidance on disclosure of sensitive information, which states

“…. that national security is paramount and should be considered carefully in any government or commercial decision to release or disseminate information to the public”.

This guidance continues to state that careful consideration must be given before disclosing ‘precise information which exposes an organisation’s information or process control systems to the threat of electronic attack’.

Some of these exemptions are subject to the public interest test. This means that we must consider whether the public interest in releasing the information outweighs the public interest in refusing to disclose. We have considered that it is in the interest of the majority of the public to protect our systems from potential harm, in order to support us to ensure public safety. We have also decided that the likelihood of damage to our systems need not be immediate as the impact would, in an emergency situation, be potentially serious.

We also considered whether release of this information is in the public interest in terms of explaining our decisions, ensuring accountability, or providing transparency into our handling of public finances. We have concluded that the detail of this information is not necessary to meet the public interest or reassure public concerns. As a result, we have decided that the public interest is better served by not disclosing this detailed information.”

Request

  1. The responsible contract officer? Full name, job title, contact number and direct email address.

Reply

With regards for the contact details of ICT Manager, WMFS ICT Department operates a single point of contact policy and callers are directed to the ICT Service Desk via HQ Reception on (0121) 380 6067. The call will be directed to the ICT Service Desk and allocated to the ICT specialist with responsibility for the specific service.  There is a direct email address for suppliers making sales enquires email: procurement.enquires@wmfs.net.  Furthermore, guidance from the Information Commissioner’s Office is as follows:

  • The presumption is in favour of protecting privacy, so the release of personal information will only be fair if there is a genuine reason to disclose. This involves a three-stage test. A public authority will generally have to satisfy itself that:
  • There is a legitimate interest in disclosure;
  • The legitimate interest can only be met, or fully met, by the disclosure of information which identifies individuals (i.e. the disclosure is necessary to that purpose); and, the disclosure would not involve unwarranted detriment to the individual’s privacy or other rights and legitimate interests.
  • You can find out more about FOI exemptions from the Information Commissioner’s Office.  This will explain which one or more of the FOI exemptions applies, and tell you how to appeal if you disagree with our decision

If you have any queries about this email, please contact me.  Please remember to quote the reference number above in any future communications. If you are unhappy with the service you have received in relation to your request and wish to make a complaint or request a review of our decision please write to The Public Relations Department, West Midlands Fire Service, 99 Vauxhall Road, Birmingham, B7 4HW.[/vc_column_text][/vc_column][/vc_row]

Customer Service Form

General enquiry


A safe and well visit for you..

A safe and well visit for someone else...

Safeside enquiry form


Accessibility