IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Ministry of Defence pledges resilience to all known vulnerabilities and cyber attack methods by 2030

New MoD cyber security strategy is underpinned by a 'secure by design' approach that will run across the organisation

The UK’s Ministry of Defence (MoD) has announced its ambition to become resilient to all known cyber security vulnerabilities and cyber attack methods by no later than 2030.

It will also aim to have the department’s critical functions “significantly hardened” to cyber attacks by 2026 in a broad plan underpinned by a brand-new, MoD-specific ‘secure by design program’.

The principle of Secure by Design (SBD) will run throughout the MoD and apply to every one of its capabilities so that they can harness emerging technologies like automation and quantum computing, the government report read.

The MoD’s SBD programme will apply to the hardware and products the department procures and will bleed into its staff’s ways of working too.

All of the department’s capabilities, which include all tools, platforms and devices that are potentially vulnerable to cyber attacks, will be scrutinised and have the SBD thinking applied to them to maximise security.

Secure by design will also be applied to the MoD’s digital enterprise - a term it uses to describe the “digital backbone” on which all its capabilities depend - ensuring things like networks, applications, and data are all safeguarded.

“MOD has a key role to play in the UK being a responsible cyber power,” said Christine Maxwell, director of cyber defence and risk at the MoD. “This means it has never been more important to focus and reset defensive cyber. 

“This strategy is central to actively tackling threats to cyber security, securing the Digital Backbone, and underpinning Defence’s ability to operate freely in cyberspace. We all have a role to play to build a cyber-resilient Defence.”

Before the MoD can work on embedding SBD throughout the organisation, it said there are several obstacles it needs to overcome, such as the culture of the department needing to become more focused and conscious of cyber security.

It also needs to address the mounting technological debt across the MoD and “accelerate the elimination of obsolete technologies from the digital environment”.

Public sector organisations are notoriously behind when it comes to refreshing technology and this approach has been blamed for cyber incidents in the past, such as the NHS’ failure to patch systems that led to WannaCry’s success.

Related Resource

The state of brand protection 2021

A new front opens up in the war for brand safety

A log-in screen with a red background - whitepaper from MimecastFree download

The concept of cyber resilience is one the UK’s National Cyber Security Centre (NCSC) has been touting for some time and was one of the main watchwords at the most recent CYBERUK conference

“If you really focus on the basics, and you focus on the resilience side, and you build your defences, and you focus more on yourself and less than your adversary, actually, that plays much to your favour, when perhaps you find yourself faced with that conflict. I think, very much, resilience is the line that we would draw from this,” said Paul Chichester, director of operations at the NCSC.

The NCSC has influenced a wider push for cyber resilience across all areas of the UK’s public sector in recent months.

An overhaul of the public sector IT strategy was announced in March this year, and the new security rules that will soon be applied to managed service providers (MSPs) after the government pushed for greater supply chain security, are just some of the moves the government has made to lock down its cyber posture.

The US has also been quick to implement new rules at the federal level to ensure its public sector departments are also protected against cyber attacks.

The cyber security and infrastructure security agency (CISA) mandated that all federal government departments needed to have a hundreds-long list of the most commonly exploited vulnerabilities patched by 22 May.

“We must shape the secure Digital Backbone as the game-changing transformation that will reset cyber defence,” said Laurence Lee, second permanent under secretary at the MoD.

“We will build resilience into our critical capabilities and systems, and make new capabilities Secure by Design. Our relationship with industry will fundamentally shift to work ever closer in delivering wider defence and security. Our people will become increasingly cyber aware to become sensors of the abnormal and informed decision-makers.”

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022