Bletchley Park, once the top-secret home of the World War Two Codebreakers, is now a vibrant heritage attraction. Bletchley Park is open to the public, and receives hundreds of thousands of visitors annually.
Considering the history of Bletchley Park, and the current emphasis on data protection and privacy, security is something that Bletchley Park take very seriously. Their requirements were to have a more pro-active approach toward security.
Seeing the growing rise in cyber-attacks, T-Tech advised Bletchley Park to run a test on their systems, to see how secure and susceptible they were if a breach were to happen. T-Tech also recommended that they carry out a security audit, with the goal of becoming Cyber Essentials Plus Certified. This certification is a UK government security standard that helps organizations to take a proactive approach to prevent or mitigate (the vast majority of) cyber-attacks.
At the start of the project T-Tech recommended a few essential things to senior management at Bletchley Park:
- Carry out an internal security audit on their IT systems
- Attempt to hack their system by carrying out a penetration test from an external, third party
- GDPR audit via a Windows 8 and 10 assessments
- Gaining the Cyber Essentials Plus Certification by passing the external penetration test, scanning the networks to seek out the issues, and carrying out a security questionnaire
After these recommendations were approved by Bletchley Park, T-Tech carried out an internal assessment for the audit, which consisted of 4 different areas:
- Physical assessment of client infrastructure
- OS/AD infrastructure
- Network review
- Patch/AV management
The initial internal audit revealed some vulnerabilities in the key assessment areas. T-Tech quickly and efficiently remediated these issues ultimately hardening the client internal OS infrastructure. The biggest challenge during the remediation was that it was time-consuming, but other than that the T-Tech technical team were able to fix any issues, and at no point did this have any effect on end users.
Following this, the external audit was carried out by one our third-party security partner, which included an external penetration test of Bletchley Park’s perimeter and all public facing hosts. Fortunately, they were unable to pass through Bletchley Park’s security boundary, and Bletchley Park were rewarded with the Cyber Essentials Plus certification.
With little to no problems, T-Tech carried out the project within time and budget, and Bletchley Park are now successfully certified. Bletchley Park were very cooperative with our technical team, and were pleased with the outcome of gaining the certification.