Calderdale MBC

Shared DDoS Protection Contract

Briefly describe the initiative/ project/service; please include your aims and objectives

We at Calderdale experienced a DDoS attack. We didn’t have specific DDoS protection in place. We found that our immediate neighbours (Leeds, Bradford, Kirklees, Wakefield) were also experiencing the same attack. The attack was affecting our main Council website. Residents couldn’t get in touch with us… payments couldn’t be taken… our business was being severely affected. And it was the same scenario for our neighbours.
We needed to act quickly.

After discussing the situation through our WARP network, each of us was focussing on resolving the issue, but in different ways. We at Calderdale decided that we would immediately purchase, under special measures, a DDoS protection service. We opted to go with the most cost effective solution we could find. We implemented the solution immediately and it instantly resolved the DDoS attack for us.

However, once this was done, we discovered that we would actually not be requiring the full usage of the base plan offered by the supplier. There was the option to run 5 websites and 20mb of bandwidth through the plan. This was the very basic plan that was offered. Knowing that our 4 neighbours were experiencing the same issue, we reached out to them and offered to “share” the protection with them. This meant that our 4 neighbours could immediately resolve the DDoS and each of them didn’t need to purchase their own solution.

The aim of implementing the solution was to resolve a live attack, but also to safeguard us against similar attacks in the future. By acting quickly, we were able to get this in place swiftly. Rather than us just viewing this as us resolving our own issues, we recognised that we could actually help our neighbours and save them time and money by sharing our solution. We work very closely with our WARP neighbours, we are all Local Authorities, doing the same thing, albeit at different scale, but it made sense to me for us to work together.

What are the key achievements?

The immediate benefit of implementing the DDoS protection was that the Calderdale attack was stopped straight away, thus preventing further impacts on our reputation, and the potential for the attack to escalate. By sharing the protection, it also meant that the attacks on Leeds, Bradford, Kirklees and Wakefield were also halted swiftly. Each of these LAs didn’t need to go through the process of finding a supplier, investigating costs, getting approval (as costs to “go it alone” would likely have been above procurement thresholds for direct purchase), “blind” implementation. The shared cost (£41k between 5) meant easy approval for each of them. Implementation was easier, as we at Calderdale had done it first and could therefore advise and guide.

There were substantial cost savings. If we work on the basis that each LA implemented the same solution base plan, but alone, then the cost would be £41k to each, as opposed to £41k between 5. So that means overall savings of £164k across the 5. In sharing the contract, it meant that the 5 of us could work together on it, sharing technical experience. Overall, to me, it just made absolute sense to do it this way. By talking to each other, and working closely together across the region, we were able to assist each other, share the burden, and most importantly, save public money where we could.

How innovative is your initiative?

I don’t know whether this would necessarily be classed as “innovative” but it is most definitely logical! To some extent, sharing contracts like this is not widespread across Councils. Many still wish to work alone, or do their own thing. But I strongly feel that it is innovative to actually explore the options of sharing contracts like this, in the security and cyber space. We all face the same challenges in what we are trying to protect our organisations from. We all face the same budgetary challenges - some more than others. And we also face challenges with resources. The reason I at Calderdale did this contract was because I have procurement experience, so could work on it quickly and efficiently. Why not use regional resources effectively? I could offer my procurement skills to assist neighbours, they could offer their technical skills in running the service as it matures. In Calderdale working to halt the attack by focussing on getting the solution in place to stop it, our neighbours were able to shift their focus to what had actually caused the attack, in order for us to understand things better. This was more about challenging the status quo around buying/implementing solutions and working in silos.

What are the key learning points?

DDoS protection is something, in my opinion, that all LAs need. This would very easily work for any other LA who wants to share the costs of the contract. All that needs be done is investigation into whether the solution/plan being offered has capacity to be shared. The supplier we used, Imperva, was very receptive to us sharing our plan, and worked very well with us. If they have done it once, there is nothing preventing other partnerships from consuming the same solution from them and sharing the costs/admin etc.

The main challenges, truthfully, were around mundane things like raising orders and invoicing. But it was much easier to do, getting sign off to spend just £8200 per authority, as opposed to £41,000 per authority. Our senior managers were also very pleased to see collaboration in this way. And it opened up negotiations for other potential contracts that could work that way. Recently (in December), again due to my procurement experience, I conducted a joint procurement exercise on behalf of the region (through the Y&H WARP, but also NWWARP and NEWARP), where we pooled together the grant money awarded by the LGA to each LA for cyber training. We have 20 partners on that contract and we have achieved excellent economies of scale. It just makes sense for LAs to work together – it should save fortunes!