Freedom of Information request - Total spend on logging, monitoring & observability
Request ID: FOI-4199-2324 Date published: 12 March 2024
You asked
Dear Transport for London (TfL)
I am writing to make a formal request for information under the provisions of the Freedom of Information Act 2000. I would like to obtain specific details regarding the logging and monitoring tools in use, including but not limited to Elasticsearch, Splunk, Datadog
I kindly request the following information:
Total Expenditure:
Please disclose the total expenditure incurred by TfL for licensing, maintenance, and support fees related to these tools for the current & previous fiscal year
Licensing Costs:
Please provide a breakdown of the licensing costs paid by TfL for these tools for the current & previous fiscal year. This breakdown should include the individual costs associated with each tool
Maintenance and Support Costs:
Please provide a breakdown of the maintenance and support costs paid by TfL for these tools for the current & previous fiscal year This breakdown should clearly specify the individual costs associated with each tool
Contracts and Suppliers:
Please disclose the names of the contractors or suppliers with whom TfL has engaged for the licensing, maintenance, and support services related to log aggregation and other observability tools. Additionally, if applicable, please provide the contract start and end dates for each supplier.
IT Tooling:
Please disclose:
-Which tooling is currently in place to monitor the performance of IT infrastructure & applications -Who is responsible for IT tooling & solutions at TfL
I request that the information be provided in a machine-readable electronic format, preferably in PDF or Excel format. If providing the information in its original electronic format is not possible, please inform me of the available format options.
I understand that, under the Freedom of Information Act 2000, I am entitled to a response within 20 working days from the date of receipt of this request. If for any reason you are unable to respond within this time frame, please inform me promptly and provide an estimated date of when I can expect a response.
Thank you for considering this request. I look forward to your prompt response.
Yours faithfully,
We answered
TfL Ref: FOI-4199-2324
Thank you for your request received by Transport for London (TfL) on14 February 2024 asking for information about Elasticsearch, Splunk, Datadog.
Your request has been considered in accordance with the requirements of the Freedom of Information (FOI) Act and our information access policy. I can confirm that we hold the information you require.
However, in accordance with the FOI Act, we are not obliged to supply the information you have as it is subject to a statutory exemption to the right of access to information under section 31 of the FOI Act, which relates to law enforcement. Specifically, we are refusing your request under section 31(1)(a), which relates to information whose disclosure would be likely to prejudice theprevention or detection of crime.
In this instance the exemption has been applied as disclosure of the information you have requested could pose a threat to our IT systems, and would consequently prejudice the prevention or detection of crime as it could assist a third party in carrying out an attack on our IT systems.
The cyber tools you have referred to in your request are known as “SIEM” – Security Incident and Event Management.The SIEM utilised by TfL is a fundamental cyber security tool, and solution used to monitor events across the technological ecosystem to identify hostile activity, that could result in a cyber attack.
Disclosure of the level of spend would allow an attacker to infer the level of protection provided by this tool. It would also reveal the extent of our engagement with suppliers which could give some context to the types of attacks we deal with and provide an attacker with valuable insight into our network and security infrastructure.
The London transport system is a critical piece of national infrastructure and as such we employ rigorous safeguards to protect it from cyber attack. Like other organisations we are subject to these regularly. These attacks are unlawful under the Computer Misuse Act, and whilst the motive is not always apparent, we are aware of the risk to critical national infrastructure that may result from a successful attack. We consider that releasing the information you have asked for would be likely to prejudice our efforts to prevent and detect future attacks and undermine our ability to safeguard our information systems.
Whilst we make no suggestion that you would use this information for anything other than you own personal interest, disclosure of this information to you has to be regarded as a disclosure to ‘the public at large’. The use of this exemption is subject to an assessment of the public interest in relation to the disclosure of the information concerned. We recognise the need for openness and transparency by public authorities, but in this instance we consider that there is greater public interest in safeguarding our information systems and to ensure that cyber attacks, or any other criminal activity is prevented wherever possible.
The Information Commissioner’s Office has previously issued a Decision Notice regarding the application of section 31 in relation to cyber security. Please see the decision in the following link:
