The New Zealand Police is asking for quotes to implement a security orchestration, automation, and response (SOAR) system.
A tender document says Police want a product that can integrate with current and future alerting tools and other software to further provide the ability to identify and prioritise threats from all information feeds.
The ability to respond to incidents with a highly customisable capability to automate tasks and workflows or playbooks and being able to report and communicate information gathered in multiple ways were priority requirements.
"Police want a product that is the keystone component for managing the challenges posed by the rapid evolution of cyber security threat landscape," a request for quotes said.
"Police want a product that is highly available, highly reliable, fault tolerant, and easy to replace/restore in the event of failure/disaster."
As an emergency services provider, Police ICT security centre (ICTSC) infrastructure delivered life-critical services to first responders and the public. Therefore, any platform that could not cater for 24/7 availability of technical support for hardware and software related incidents was not required.
"The Police ICTSC provides support for 600-plus applications in a hybrid environment with a strategic partner providing a desktop as a service offering for our 14000-plus users who use a variety of computing devices, and another strategic partner providing support for our fleet of personally assigned iPhones," the tender said.
Police security centre has a service desk that operated 24/7 to triage incidents and requests, with Level 2 and 3 support provided from operational and development teams.
The ICTSC's existing security operations centre was growing quickly as it responded to and developed capabilities as demand for cyber security services increased.
"The key outcome that we want to achieve after this purchase is to ensure our SOAR solution is suitably sized and has a broad spectrum of security features and capabilities to meet the business and operational requirements for at least the next three years," the tender specified.
During its 2021 annual review before Parliament, Police reported no significant data or system breaches were discovered during the financial year compared with one in each of the previous two years.
However, there were 180 less significant information or privacy related incidents recorded in Police’s
security and privacy incident reporting database during the year.
"This is approximately double the 93 incidents recorded in 2019/20, but is due at least in part to recent Privacy Act changes which have resulted in increased staff awareness and associated efforts to encourage incident and ‘near miss’ reporting," Police explained.
Most of the reported incidents involved inadvertent, inappropriate or careless release of personal information, with many stemming from errors when using email or from hardcopy information being misplaced or stolen.