1. Can you please list the number of devices deployed by your organisation for the following?
Device Type – Number of Devices
Desktop PCs – 122
Laptops – 6,692
Mobile Phones – 3,566
Printers – 25
Multi Functional Devices (MFDs) – 256
Tablets – 125
Physical Servers – 14
Storage Devices (for example: NAS, SAN) – 2
Networking Infrastructure (for example: Switches, Routers, Interfaces, Wireless Access Points) – 500
Security Infrastructure (for example: Firewalls, Intrusion Detection Systems (IDS), Virus Monitoring Tools) – Devon County Council can confirm that we hold the information you have requested, however, we consider this is exempt from disclosure under Section 31(1)(a) of the Freedom of Information Act 2000.
This is because the Council considers that this information constitutes valuable intelligence, that could be leveraged by a motivated cyber threat actor to inform a successful attack against our infrastructure. We feel that releasing this information would therefore increase the chances of DCC becoming the victim of a cyber-attack.
We have considered the public interest in releasing this information and whilst we recognise that there is an overriding public interest in openness and transparency, we feel that there is a stronger public interest in the Council maintaining the security and integrity of its IT systems.
We feel that significant weight should be applied to this public interest consideration given the current elevated cyber threat landscape facing public sector organisations. For these reasons we feel that the balance of public interest weighs in favour of withholding this information from disclosure.
2. Does your organisation have plans to procure any of the below services, if yes then please provide information
in the below format? Estimated/Total Cost Duration
| Estimated/Total Cost | Duration | |
| Example: Platform as a Service | 1 million | 2023/28 |
| a. Cloud computing | N/A | N/A |
| b. Software as a Service (SaaS) | See Q4 below | |
| c. Platform as a Service (PaaS) | N/A | N/A |
| d. Infrastructure as a Service (IaaS) | N/A | N/A |
| e. Anything as a Service (Xaas) | N/A | N/A |
3. Does your organisation have any plans to procure the below services, if yes then please provide required
information in the below format? Estimated/Total Cost Duration
a. Network Security
b. Cloud Security
c. Endpoint Security
d. Mobile Security
e. IoT Security
f. Application Security
Devon County Council (DCC) can neither confirm nor deny that this information is held, in accordance with Section 31(3) of the Freedom of Information Act 2000. The Council considers the information relating to cyber security and associated controls to be exempt from disclosure under Section 31(1)(a) of the Freedom of Information Act 2000 – ‘Law Enforcement’ – ‘the prevention or detection of crime’. This is because disclosure places the organisation at risk of crime or fraud.
Our view is that this information constitutes valuable intelligence, which could be leveraged by a motivated cyber threat actor to inform a successful attack against our infrastructure. We feel that releasing this information would increase the chances of DCC becoming the victim of a cyber attack. Attacks on IT systems are criminal offences. To provide information, of confirmation of information being held, might prejudice the prevention of crime by facilitating the possibility of an offence being carried out.
There is a very strong public interest in the effectiveness of law enforcement and the prevention of crime and although we appreciate that there is a general public interest in openness (because this increases public trust and engagement), this public interest should be weighed against a very strong public interest in safeguarding the security of Council networks and systems. Section 31 of the Freedom of Information Act 2000 states that there is a very strong public interest in protecting the law enforcement capabilities of public authorities. We feel that significant weight should be applied to this public interest consideration given the current elevated cyber threat landscape facing public sector organisations. For these reasons we feel that the balance of public interest weights in favour of withholding this information from disclosure.
4. Can your organisation provide planned ICT procurement plans across software, hardware or services for current and future years?
(Software Applications/Hardware Devices/IT Managed Services)
Estimated/Total Cost Duration
| Estimated/Total Cost | Duration | |
| Adult System | Up to £4.5m | 15 year contract (5 with extensions 2+2+2+2+1+1) 2024 – 2039 |
| Finance System | £4m | 7 years (5 plus 2). |
| Remote Access System | Up to £200K/pa | TBC |
| Hardware (Laptops) | Up to 3.2m | N/A |
| Public Health Nursing System | TBC | TBC |
| Meeting Room IT Kit | Up to £600K | N/A |