Skip to main content

SNAP: Identifying cross-government threat patterns and trends

Posted by: , Posted on: - Categories: Guest blog, Hot security topics

In this guest post David Mead from the Office of the Chief Technology Officer, at Cabinet Office, talks about the importance of looking at security across government departments and teams.

I’m David Mead and I work at Government Digital Service (GDS) as part of the Chief Technology Officer team. In my role I look at how we improve our security awareness across government. As security professionals it’s our job to make sure that government has the security it needs to keep its data safe. Of course, it’s impossible to design and implement effective, proportionate security without understanding the threats you face.

Protective monitoring solutions play an important role in giving us sight of the historic, current and developing threats we face. By analysing and understanding the nature of security attacks we can implement better security and more effective incident response processes.

When it comes to protective monitoring, two organisations may well face an identical threat profile and it’s important we share information. Understanding what attacks your peers are suffering can give you a much-needed edge when it comes to information security.

The Security Network Analysis Platform (SNAP), a joint GDS/CERT-UK project, aims to do this. By aggregating data collected by protective monitoring solutions across the public sector and analysing it for patterns and trends, SNAP can provide participating organisations and central government a clearer strategic view of the cross-sector threat picture.

The benefits aren’t only strategic. By comparing the aggregated data against sources of “known bad” (a list of IP addresses known to be compromised by malware, for example), SNAP can add value to the protective monitoring that participating organisations are carrying out, allowing them to spot attacks that they may otherwise not have identified. The idea is to amplify the weak signals present in a single organisation’s data, making it easier to pick them out of the noise.

SNAP will produce periodic reports on cross-government threat patterns and trends, as well as alerts on specific developing threats. The SNAP team aim to use the Cyber-security Information Sharing Partnership (CiSP) to publish this output, which should encourage anyone not already signed up to this excellent resource to sign up!

I'd love to hear from anyone who thinks this project might be of value to their organisations, anyone who wants to find out more should get in touch with me at

Sharing and comments

Share this page