Met Office establishes dedicated Security Operations Centre as it changes approach to IT security

Digitalisation of business processes requires an increased focus on IT security, says Met Office acting CISO Tim Moorey

The Met Office has built a dedicated Security Operations Centre focusing purely on combating hackers and cyber threats as it digitalises its business and business processes.

The shift in strategy was signalled by CIO Charles Ewen in an interview with Computing earlier this year. Acting chief information security officer Tim Moorey talked to Computing about the organisation's changing approach to IT security.

"The team has evolved, broken down into the core streams of delivering the information assurance and cyber resilience across the organisation," said Moorey. It has also expanded, taking on security staff with a wider variety of skills in order to handle some of the new, core tasks.

He continued: "Originally, the security team depended entirely on, for example, the networks team so that people looking after the networking infrastructure would have monitoring capabilities for service monitoring. We'd also have infrastructural desktop people that would be monitoring of desktop infrastructure. There was no real central coordination in terms of security."

Moorey was brought in to help establish the Met Office's Security Operations Centre, which was set up to help support the organisation's new business strategy. The aim is to enable third-party organisations - whether public sector or private - to be able to run their own algorithms against the Met Office's own climate and weather data, or a subset of that data, on the Met Office's own supercomputers.

"We've already had some examples of people sending us their smaller datasets and their algorithm. We operate that algorithm against our bigger dataset with their dataset, and give them back the answer. In other words, bringing the problem to the data, rather than the other way round," Met Office CIO Charles Ewen told Computing in February.

However, opening up IT in this way has also required a concomitant investment in security. The trouble with the old approach, continued Moorey, is that "each team was looking at it from a service-monitoring or service availability perspective, specifically from a security or cyber-threat perspective".

Drawing these functions into the Security Operations Centre hasn't necessarily driven a concomitant reduction in networking monitoring and systems management, he argued.

"They are still monitoring for service availability and so on, but [also] looking at the feed from all of the monitoring systems we've got, plus specific security controls and looking at those in a cyber context and then providing packages of work out to the business, as necessary to remediate or react to," said Moorey.

COMING SOON: Read the full interview with Met Office acting CISO Tim Moorey. Only on Computing , online and in print