The Ministry of Defence (MoD) has said it has a central aim of all organisations in its sector to be resilient to known cyber vulnerabilities and attack methods no later than 2030.
It has set this out as part of its newly published Cyber Resilience Strategy for Defence, along with an earlier target for all critical functions in defence to be significantly hardened by 2026.
The document says this is an ambitious but necessary aim and will require the contributors from across defence organisations and functions to proactively strive to deliver strategic priorities.
This will require an immediate focus on implementing the ‘protect’ element of the Integrated Operation Concept, which outlines MoD thinking on deterrence in defence.
Seven priorities are outlined in the strategy:
- ensuring the principle of ‘secure by design’ is included in all capabilities;
- developing a risk management approach for good governance and compliance;
- integrating cyber defences to cover critical functions to rapidly detect and respond to threats;
- developing appropriate behaviours and a positive culture among people in the sector;
- enhancing relationships with the industry;
- ensuring the entire digital enterprise incorporates security controls for resilience;
- and experimentation, research and innovation to stay ahead of threats.
It also includes a number of steps for delivering the vision, including the construction of secure digital backbone, equipment capability programmes focused on cyber security, acceleration of agile commercial constructs in the relevant procurement, and development of clear accountabilities for all aspects of cyber resilience.
Writing in the document’s foreword, Laurence Lee, second permanent undersecretary at the MoD, says: “Building resilience into the delivery of our defence outcomes is a whole force challenge. A constant assessment of risk and continual assurance of our capabilities will inform our priorities and drive our focus to the right places. We will need to evolve our plans to counter, and rapidly recover from, an effective cyber attack.
“The focused pursuit of experimentation and innovation will underpin a ‘learn fast’ and ‘fail fast' approach which will allow defence to securely adopt disruptive technologies that allow us to compete decisively with our adversaries.”