Miro Novak - Fotolia

Wales gets UK’s first national SOC

The first national security operations centre of its kind in the UK has opened in the south of Wales to safeguard public sector bodies across the country

The Welsh government is today opening a national security operations centre (SOC) to offer local authorities and fire and rescue services across Wales access to enterprise-grade security services, including threat monitoring and incident response, backed by threat intel from the National Cyber Security Centre (NCSC).

Dubbed CymruSOC, the centre – which is located in Merthyr Tydfil and will be run by managed security services provider (MSSP) Socura for an initial three-year contract – is the first national-level SOC to be set up in the UK.

It has been designed to ensure key organisations can continue offering critical services without disruption if attacked, protecting 60,000 employees across the public sector in Wales, and, ultimately, safeguarding the majority of the Welsh population from cyber threats to public sector bodies.

“The challenges people across Wales have faced in recent years due to the pandemic have shown the importance of digital in our lives,” said Welsh first minister Vaughan Gething. “It has become central to the way we learn, work, access public services and do business. However, our reliance on digital, has also led to a stark increase in the risk of cyber attacks which are becoming ever more common and sophisticated.

“CymruSOC is a first of its kind solution with social partnership at its heart – ensuring we take a ‘defend as one’ approach. It’s a vital part of our Cyber Action Plan for Wales, which – one year since its launch – is making good progress to protect public services and strengthen cyber resilience and preparedness.”

Socura CEO Andy Kays added: “The CymruSOC is a fantastic initiative, and we feel honoured to play a role in keeping Wales secure. By sharing a SOC, and threat intel, across all Welsh local authorities, even the smallest Welsh town will now have the expertise and defences of a large modern enterprise organisation.

“People rely on their local council at every stage of their life. It’s where they register a birth, apply for schools, housing, and marriage licences, which makes them a prized target for financially motivated cyber criminal groups as well as nation state actors seeking to cause disruption to critical infrastructure.

“It is our job to ensure that these critical services remain unaffected by cyber criminals’ attempts to steal data and cause disruption,” he said.

Councillor Geraint Thomas leader of Merthyr Tydfil County Borough Council, hailed the close collaboration between the council and the Welsh government in bringing CymruSOC to the former industrial area, which was once known as the Iron Capital of the World and in 1804 saw the world’s first steam-powered railway journey.

“Merthyr Tydfil’s approach to cyber security has always been innovative so I’m really pleased that as the contracting authority, we continue to lead this work on behalf of the CymruSOC member bodies, and other Welsh public sector bodies that wish to utilise the CymruSOC going forward,” said Thomas.

“It provides some reassurance to the population of Wales that if they use their local authority for any kind of service, then CymruSOC will provide additional support and protection to enhance existing cyber security controls,” he added.

A total of 18 out of the 22 Welsh local authorities have already signed up to benefit from CymruSOC – the four others run their own facilities.

Cyber Action Plan

Wales’ Cyber Action Plan, of which CymruSOC forms a key part, was formally launched in 2023 as a wide-ranging drive to improve cyber resilience across the country.

The strategy is focused on the following four pillars:

  • Security and Resilience – ensuring all organisations work to reduce the risks they face, and better prepare to deal with incidents;
  • Economy – creating high-quality jobs within the Welsh cyber industry to support economic growth and encouraging young people to see and plan futures in Wales;
  • Skills – ensuring Wales has adequate talent to support end-user organisations in cyber matters;
  • Cyber Ecosystem – developing and promoting Wales as an innovation hub and attracting investment.

Read more about SOCs

  • What’s in a name? Parse the true differences between a CERT, a CSIRT, a CIRT and a SOC, before you decide what's best for your organisation.
  • Learn how SOC teams can track threat actors by understanding the factors that influence an attack, such as the type of infrastructure used or commonly targeted victims.
  • Cyber security specialists need a game-changer to keep up with their adversaries, who increasingly use automation and AI for their attacks.

Read more on Data breach incident management and recovery