Water company dangles £10m for MSSP support

Assessment by the NCSC of previous industry breaches has seen an “enhanced” Cyber Assessment Framework (e-CAF) created that requires...

British water utilities continue their efforts to shore up cybersecurity – with Anglian Water making £10 million available under a new tender for Managed Security Service Provider (MSSP) to run a co-managed SIEM.

Anglian Water, which serves seven million people, said it is looking “to source an MSSP who is more closely aligned to [its] cloud-native strategy, providing SIEM, Threat Intelligence and Intrusion Prevention services.”

The service will be co-managed “with Anglian Water being responsible for the onboarding and offboarding of assets to the SIEM, whilst the MSSP will provide the 24x7x365 monitoring and triage of events,” it added.

Regulators are pressing utilities hard on cybersecurity. The owner of South Staffs Water and Cambridge Water was hit by the CL0P ransomware group in July 2022; an attack that caused concern at the highest levels of government and triggered a "nationally coordinated response." 

Assessment by the NCSC of previous industry breaches has resulted in the quiet creation of new requirements for utilities on cybersecurity under an “enhanced” Cyber Assessment Framework (e-CAF). Conformity is not required until March 2028 but organisations are moving fast to comply.