Technical operations team
The Technical operations team focuses on improving how we run services and make decisions about technology while supporting the other service teams within GDS.
We work with GDS technology teams to:
- provide a common set of tools to address common problems
- integrate and configure those tools
- build and maintain a secure platform making it easy for teams to build services
- provide Security Operations, Engineering and Architecture support to other teams in GDS
Reliability Engineering provide a shared platform to distribute tools and services. This includes support for:
- Amazon Web Services (AWS) and the GOV.UK PaaS infrastructure
- Logit, for storing and querying infrastructure and application logs
- Prometheus, for running an operational metrics service
You can read more about Reliability Engineering in our documentation.
You can also contact Reliability Engineering by email using email@example.com or using the #reliability-eng Slack channel.
The Cyber Security Team aims to make GDS more secure by ensuring that:
- GDS has a sustainable operational security capability able to respond 24/7, 365 days a year
- GDS is more difficult to attack, and attacks are less likely to succeed
- successful attacks against GDS are likely to be detected quickly
The Cyber Security team:
- uses threat intelligence - to inform and prioritise the risk
- focuses on delivery - to work in small agile delivery teams
- builds autonomous products and services - to scale and increase efficiency
- delivers actionable self-service security - to make sure service teams can keep themselves secure
Use threat intelligence to inform strategy
The Cyber Security team uses threat intelligence to inform and prioritise security risks and apply the appropriate and proportionate level of security controls for GDS.
The team’s strategy uses:
- threat intelligence to inform their priorities
- security risks to inform their work
- user needs to inform how they minimise security risks
Focus on delivery
The Cyber Security team is split into two teams, Cyber Engineering and Cyber Defence. The teams work in an agile, sustainable, effective and user-centered way. The teams are organised around:
- Building and maintaining the infrastructure required to effectively monitor security concerns
- Creating and maintaining tooling - Providing autonomous and self-service tools to detect security issues in near real-time and enforce actionable policies
- Threat Intelligence - Delivering relevant and actionable threat intelligence data to teams
- Threat Hunting - Proactively and iteratively scanning through GDS assets to detect and isolate threats that evade security controls in place
- Incident Response - Delivering effective, competent and exercised security incident management to GDS
Build autonomous products and services
The Cyber Security team builds autonomous products and services that help provide scalable solutions and increased efficiency. Automation frees up people for mission work using threat intelligence and machine learning to improve our solutions.
Actionable self-service security
The Cyber Security team provides service teams with tools, systems, processes and support to make GDS more secure. The team aims to provide a service which is adequate and effective without being too burdensome in terms of restriction, time or cost.
Self-service makes sure people closest to GDS services have the tools to operate and resolve security incidents efficiently and effectively. These tools, systems and intelligence help service teams make informed decisions about their own security.
The Cyber Security team is working towards achieving full security coverage through logging all relevant events. These will be accessible to GDS teams through tools like Splunk.
The National Cyber Security Centre (NCSC) also provides guidance and intelligence about cybersecurity.
Contact the Cyber Security team using the #cyber-security-help Slack channel.