Local councils across Scotland will be able to access a national security operations centre (SOC) service that provides ‘round-the-clock’ threat detection and monitoring to prevent cyberattacks.

A market engagement exercise has began to find a private sector supplier for a centralised resource that protects local authorities from a range of cyber exploits including malware, phishing, ransomware and data exfiltration.

Scotland Excel is working with the Digital Office on the procurement exercise – with a prior information notice (PIN) reissued last week to stimulate market interest.

Worth a projected £13 million, it is envisaged that the framework will enable all 32 councils across the country to join in a bid to strengthen their online security postures.

David Ritchie, chief information security officer at the Digital Office, said: “A SOC should form the cornerstone of round-the-clock monitoring that gives councils peace of mind. Should something happen day or night, there will be someone to alert and manage the situation.” 

The SOC framework will enable councils to call off services from a single supplier, ensuring consistency and efficiency in their cyber security efforts. By leveraging the expertise of Scotland Excel, the centre of procurement expertise for the local government sector, the project guarantees the best value and most effective solutions for councils. 

Martyn Wallace, chief digital officer at the Digital Office, added:”With the ever-changing landscape of cyber threats today, it would be a challenge to develop this kind of service in-house, with round-the-clock monitoring and specially trained staff. Using the private sector to facilitate this specialist service is the best way to make these vital services available to councils whilst continuing to secure our assets.” 

Julie Welsh, chief executive of Scotland Excel, said: “By leading on this collaborative procurement initiative for Security Operations Centre Services, Scotland Excel aims to deliver operational efficiencies for councils while strengthening their cybersecurity resilience. By working with our partners, we are streamlining the procurement process to reduce complexity and provide a comprehensive, value-driven solution for a Security Operations Centre. This Scotland Excel framework marks a significant step forward in enhancing cyber readiness and fostering innovation, aligning with Scotland’s National Digital Strategy. It will form part of our expert contract portfolio that is in place to support the local government sector and we look forward to progressing to the tender publication in coming months.”

According to recent Freedom of Information data released by the Scottish Government, there was a small increase in the number of cyberattacks affecting Scottish public bodies in 2024, compared to the preceding four years.

Statistics released in November showed that there were 16 cyberattacks on public bodies in last year (up to November 7 when the data was released), compared with 10 in 2023, 8 in 2022, 10 in 2021 and 11 in 2020.

The data did not list the names of the organisations affected, due to confidentiality and security exemptions applied to the release. However, there have been named organisations in the public sector in recent years, including the Scottish Environment Protection Agency in 2020, Western Isles Council in 2023 and NHS Dumfries and Galloway inn 2024.