Skip to the content

MoD adopts ‘secure by design’ for cyber security

02/06/23
Cyber lock with data icons
Image source: istock.com/Kanawath

The Ministry of Defence (MoD) is moving to a ‘secure by design’ approach to deal with cyber security in its capability programmes.

It has indicated that it plans to end its process of accreditation at the end of a programme and replace it with a requirement on senior responsible owners, capability owners and delivery teams to be responsible and accountable for delivering systems that are cyber secure.

Director of cyber defence and risk Christine Maxwell said the new approach is essential as teams must own the cyber security risk, and that it must be followed in all new programmes and systems development.

A formal launch is planned for next month, following which the full process will go live.

“The approach will lead to the delivery of more secure systems through clearer accountability, simplified processes aligned to the capability delivery strategy, more use of open security standards, better guidance, more flexibility, and empowered decision making,” she said in a blogpost.

Piloting, policy, process

A project team has been piloting the approach in MoD programmes this year and produced a policy, process, guidance and tooling to support projects.

It includes a self-assessment tool and a new portal to support users in the ministry, along with a dedicated helpdesk.

In addition, a new second line assurance function has been set up to perform independent assessments, with reviews at key stages of programmes.

Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.