TFL Cyber Security Invoices

The request was refused by Transport for London.

Dear Transport for London,

Please provide copies of all invoices from the previous year to date (14th June 2022) which relate to billing of any and all of the following computer software and related hardware:

- Security Information Management (Sometimes referred to as SIEM)

- Endpoint Detection and Response (Sometimes referred to as EDR)

TFL are of course welcome to obscure the vendor and brand names so as not to enact exemptions for matters of national security.

Yours faithfully,
John Smith

FOI, Transport for London

Dear John Smith

 

TfL Ref: FOI-0648-2223

 

Thank you for your request received by Transport for London (TfL) on 14
June 2022.

 

We will aim to issue a response by 11 July 2022 in accordance with the
Freedom of Information Act 2000 and our information access policy.

 

We publish a substantial range of information on our website on subjects
including operational performance, contracts, expenditure, journey data,
governance and our financial performance. This includes data which is
frequently asked for in FOI requests or other public queries. Please check
[1]http://www.tfl.gov.uk/corporate/transpar... to see if this helps you.

 

We will publish anonymised versions of requests and responses on the
[2]www.tfl.gov.uk website. We will not publish your name and we will send
a copy of the response to you before it is published on our website.

 

In the meantime, if you would like to discuss this matter further, please
do not hesitate to contact me.

 

Yours sincerely

 

Eva Hextall

FOI Case Management Team

General Counsel

Transport for London

 

 

show quoted sections

FOI, Transport for London

1 Attachment

Dear John Smith

 

TfL Ref: FOI-0648-2223

 

Thank you for your request received by Transport for London (TfL) on 14
June 2022, asking for Cyber Security invoices.

 

Your request has been considered in accordance with the requirements of
the Freedom of Information (FOI) Act and TfL’s information access policy. 
I can confirm TfL does hold the information you require.

 

However, in accordance with the FOI Act, we are not obliged to supply any
of the information as it is subject to a statutory exemption to the right
of access to information under section 31 of the FOI Act, which relates to
law enforcement. Specifically, section 31(1)(a), which relates to
information whose disclosure would be likely to prejudice the prevention
or detection of crime. Release of information under the Freedom of
Information Act is a release to the public at large. Therefore TfL must
consider how any potential recipient of the information might use it,
rather than make assumptions about the intentions of the individual making
the request.

 

In this instance the exemption has been applied as disclosure of the
information you have requested would pose a real threat to our IT systems,
and consequently, the prevention or detection of crime as it would assist
a third party to mount an attack on our IT systems. It is the sort of
information that could be combined with other information available to an
attacker or already in the public domain, to target our systems.

 

A SIEM is a solution used for centrally storing and monitoring sources of
information collected about networks, systems, and user activity,
primarily for the purpose of identifying malicious activity. Endpoint
Detection and Response is a solution used for monitoring and identifying
suspicious behaviour on servers and desktops. Both are fundamental cyber
security controls. The level of spend on a given control would allow an
attacker to infer the level of protection and draw conclusions. It would
also reveal the extent of our engagement with such vendors which could
give some context to the types of attacks we deal with and provide an
attacker with valuable insight into our security posture.

 

The London transport system is a critical piece of national infrastructure
and as such we employ rigorous safeguards to protect it from cyber attack.
Like other organisations we are subject to these regularly. These attacks
are unlawful under the Computer Misuse Act, and whilst the motive is not
always apparent, we are aware of the risk to critical national
infrastructure that may result from a successful attack. We consider that
releasing the information you have asked for would be likely to prejudice
our efforts to prevent and detect future attacks and undermine our ability
to safeguard our information systems.

 

The use of this exemption is subject to an assessment of the public
interest in relation to the disclosure of the information concerned.
We recognise the need for openness and transparency by public authorities,
but in this instance we consider that there is greater public interest in
safeguarding our information systems and to ensure that cyber attacks, or
any other criminal activity is prevented wherever possible.

 

The Information Commissioner’s Office has previously issued a Decision
Notice regarding the application of section 31 to withhold information in
relation to cyber security. Whilst the information requested in the
referenced case is different to the information you asked for, we believe
the same arguments can be applied. Please see the decision in the
following link:
[1]https://ico.org.uk/media/action-weve-tak...

 

Please see the attached information sheet for details of your right to
appeal.

 

Yours sincerely

 

Eva Hextall

FOI Case Management Team

General Counsel

Transport for London

 

 

show quoted sections