UK Military Embraces Security by Design


The UK’s Ministry of Defence (MoD) has launched its Secure by Design initiative, which is intended to transform how cybersecurity is built into its systems and capabilities, both internally and across its supply chain.

The new approach will change how cybersecurity is addressed in capability programs across the government department, shifting from the previous MoD accreditation-based compliance model to “continual risk management.”

Security by Design requires security and resilience to be built in from the outset of a program rather than bolted on at the end of a lifecycle.


A major aspect of the initiative is placing responsibility and accountability on senior responsible owners (SROs), capability owners and delivery teams for ensuring systems are cyber secure. This will involve continuous assessment and assurance, considering the cyber risks from program conception to delivery.

Christine Maxwell, Director, Cyber Defence and Resilience, Defence Digital, explained the strategy in a blog post in May: “The key to the success of this is that programs need to resource and fund cybersecurity as they would any other key capability requirement.”

A range of tools, guidance and processes have been developed to support teams in building security into their systems. This includes a self-assessment tool that enables projects to assess their own maturity against security policy and technical guidance.

All relevant information can be viewed on the Secure by Design portal. Industry partners who wish to access the portal will need to create a DefenceGateway account and complete the request form, which will then be subject to an approval process.

In the launch announcement, Maxwell commented: “The threat of cyber-attacks is very real and something that we must all always be focused on. The launch of Secure by Design is a pivotal moment in the way we approach cybersecurity at the MoD and will lead to the delivery of more secure systems through simplified processes, greater use of open standards, better guidance, more flexibility and empowered decision making for program teams.”

Security by design is an approach being promoted by the UK and US governments. In the UK, the government-backed Digital Security by Design (DSbD) project aims to secure underlying computer hardware, preventing most vulnerabilities from ever occurring.

In the US, security by design is a key component of the White House’s National Cybersecurity Strategy, which aims to shift the burden of cybersecurity from individuals, small businesses and local governments to technology firms.
