MoD Secure by Design goes live
Image by Willie Barton / copyright Shutterstock
This new approach is designed to transform the way in which the MoD builds cyber security into systems and capabilities.
Secure by Design will fundamentally change the way the MoD approaches cyber security, moving from accreditation-based compliance to a process of continual risk management that is embedded in its delivery programmes. Secure by Design will require security and resilience to be built-in from the outset, increasing the speed and efficiency of delivering systems that are secure and will also modernise how assurance is delivered.
A key aspect of Secure by Design is ensuring the responsibility and accountability for cyber security sits with the programme and project teams who understand the systems and risks the best. Secure by Design promotes a process of continual assessment and assurance, whereby project teams will consider the cyber risks from programme concept, through to delivery, taking a proactive approach to security.
To support the adoption of Secure by Design across the MoD and its supply chain, a new and dedicated information portal is now live and can be accessed here. The Secure by Design portal helps delivery teams, by providing the information they need to manage cyber security effectively, helping embed the principles of continual assurance, as opposed to point in time accreditation.
The launch of the portal is a key milestone in the transformation, enabling MoD personnel and industry to get started with Secure by Design as well as providing background information on the change. Secure by Design is delivering a framework of principles, policy, step-by-step guidance, tools, technical guidance and tutorials, all of which are available on the portal. It also includes details on how to access advice from MoD specialist security and assurance teams.
Christine Maxwell, Director, Cyber Defence and Resilience, Defence Digital, said: “The threat of cyber-attack is very real and something that we must all always be focused on. The launch of Secure by Design is a pivotal moment in the way we approach cyber security at the MoD and will lead to the delivery of more secure systems through simplified processes, greater use of open standards, better guidance, more flexibility and empowered decision making for programme teams.”
NB: The Secure by Design portal
is accessed through DefenceGateway. Industry partners seeking access to the Secure by Design portal will need to create a DefenceGateway account. This can be requested through Defence Connect where partners will need to complete the request form which is then counter-approved by a sponsor who is a staff officer grade two or three or equivalent at civil servant. This request then gets sent to the Community Management Team within Defence Connect for approval.