As technology grows in complexity, securing our most critical assets becomes more challenging. Nation-state adversaries have engaged in relentless attacks across all facets of our digital world over the last few years, from traditional IT networks, throughout our cloud environments, and into our Operational Technology, all of which can have devastating implications for our well-balanced society. This persistence has meant the UK and its allies have had to adapt to ensure that we deliver our war fighting and defence capabilities in an ever more risk-aware and resilient manner. The MOD acknowledge this challenge and have developed a series of programmes to address the ever-increasing threat, one of which is Secure by Design (SbD). From the 28th July 2023, SbD will be the primary security methodology for MOD defence projects.
What is Secured by Design?
SbD takes a fresh approach, integrating security into every aspect of a system's design and development process with the aim of creating a secure final product. This MOD programme is a component of a wider, more comprehensive government strategy that goes by the same name and should not be confused with varying concepts that sometimes bear a similar name, such as the cross-Government Secure by Design approach, or Secured by Default. Building resilience, reducing risks, and putting in place strong safeguards against both new and old cyberthreats are the main objectives of SbD. By embedding security from the very beginning, SbD ensures that the MOD and its partners are equipped with the necessary tools and methodologies to defend against emerging cyber threats. The methodology contains 7 key principles:
Why is Secured by Design important?
The MOD recognises that the future demands a more holistic approach to security, and SbD goes beyond the traditional reactive measures by putting proactive defence at the forefront. This approach relies on other stakeholders, including its contractors, technology developers and security experts, to identify vulnerabilities within delivered capabilities and design effective controls to protect against exploitation. This increased accountability will bring cyber security to the forefront of everyone's minds and help ensure that Defence receives more resilient products.
By integrating security into the design process, the MOD can anticipate and address potential vulnerabilities before they are baked into the solution. Conducting due diligence at every stage in the design and development process of an application or system will provide much greater confidence that a capability meets customer demands from a security and resilience standpoint. Customers and end users of MOD systems can therefore expect to see far more encryption, multi-factor authentication, monitoring, and assessments embedded in each capability to ensure their information is confidential, maintains integrity, and is highly available.
When does Secured by Design Launch?
Secured by Design is open for business and formally launched on the 28th July 2023. Early-stage programmes/projects will transition before 31st December 2023 and systems not yet in service will be transitioned by 31st March 2024. Following 31st March 2024, all programmes, projects and systems will transition when their existing legacy accreditation expires. Secured by Design is here.
The Benefits of Secured by Design for you?
SbD offers many benefits for the MOD and its end users, notably:
- Assurance will be embedded within the capability process, thereby addressing new threats more regularly than the previous snapshot-in-time approach to accreditation.
- It will improve security awareness by incorporating far more stakeholders, providing more eyes on the capability that will result in more vulnerabilities being identified.
- It will allow for capabilities to remain in service longer, reducing the requirement for new projects (saving precious resources).
- Trust and confidence in capabilities to meet today’s threats will be greatly enhanced.
Overall, the MOD have adopted an SbD approach to provide greater confidence in the resilience of their systems to the cyber-attacks of today and the future. SbD is the only approved approach to achieving ‘accreditation’ for capabilities being delivered into Defence from July 23. Industry suppliers must be ready for what that means from a security and commercial standpoint, as missing the mark on SbD can mean the difference between remaining a trusted Defence provider and not.
At CDS Defence & Security we have a long history of working in the Defence environment. Our expert, independent, security-cleared cybersecurity consultants are ready to support you on your SbD journey. If you’d like more information on how we can support you as you migrate to an SbD approach, you can contact us here.
Elliot Samples: "At 19 I’m diving headfirst into the world of cyber as an apprentice consultant at CDS DS. Currently enrolled on a Cyber Security Technical Professional degree, I blend academic studies with hands-on experience to get the best learning experience and provide the most value to the company. Being an apprentice allows me to bring new perspectives to the team, as well as learn from the best."
Declan Mallinder: "An Ex Army Officer serving 7 years in the Royal Corps of Signals, I continue to have a passion for defence, technology and innovation. I am incredibly grateful to have had such a brilliant foundation within the MOD and am now proud to work within CDS Defence and Security as we work collaboratively to meet rapidly evolving cyber challenges in an increasingly connected world.
"Bringing my expertise of the MOD, project management and leadership to CDS DS helps us ensure that we have deeper awareness of the client's needs and allows us to tailor our services to meet their bespoke demands."