Recent cyber attacks around the world highlight the socio-technical damage that can be inflicted via computers. Examples include the cyber-attack on the US Office of Personnel Management in 2015, the cyber heist on Bangladesh’s central bank in 2016, and the global cyber attack that affected the NHS in 2017.
To ensure its defence against such attacks, the Ministry of Defence (MOD) initiated a series of cyber vulnerability investigations and is actively advancing its approach to managing cyber risks. These activities will help improve its long-term resilience and security. This allows MOD and our armed forces to continue using computer systems in a range of ‘contested environments’ against hostile actors.
Dstl’s Defence and Security Analysis and Cyber and Information Systems Divisions developed the method of measuring MOD’s cyber risks, and integrated these risks with traditional risks captured across the whole of Defence. This process has been applied across MOD at different levels, ranging from individual vehicles, such as ships and aircraft, to installations and facilities, and operational military units.
The process has been used to improve understanding and provide support in reducing cyber risks across MOD. In the future, this approach aims to reduce cyber risks throughout the complete lifecycle of MOD and military systems, helping to ensure that future military systems are designed from the outset with appropriate cyber security considerations and remain as such throughout their lives.
The cyber analysis helped the Defence Board understand the cyber risks in MOD, and to ensure prioritised investment that increases MOD’s security against key cyber threats. The work is ongoing and will continue to help improve MOD’s cyber resilience and ultimately contribute to the security of its personnel, equipment and information. This will ensure the effective operation of MOD in the world of ever-increasing and diversifying cyber threats.
Working with others
This work was done in partnership with: