SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Logiq Consulting explains UK MOD's 'Secure by Design' Initiative
Sat, 7th Oct 2023

Information and cyber security consultancy Logiq Consulting has shed light on Secure by Design, the Ministry of Defence's (MOD) new approach to cyber risk management. The forthcoming Cabinet Office initiative of the same name represents a "fundamental change" in how cyber security is carried out across Government departments. Its aim is to counter the rising cyber threat to those departments and to ensure that critical services are secure now and remain so in the future.

The idea behind Secure by Design is a pivot towards better cyber security, moving away from an accreditation-based model. It calls for a team-based approach that integrates security design principles built on continuous risk management, secure systems engineering and ongoing improvement. The initiative's goal is to build systems that are secure, useful, reliable and resistant to cyber-attack from the outset, rather than treating security as an afterthought.

While the new initiative does mark the end of the previous accreditation model, it also signifies deeper and more foundational shifts within cyber security. By aligning security activities with management and engineering processes, the new method means security is no longer a siloed concern. Instead, the Secure by Design approach aligns security risk with existing risk management processes, recognises it early on, and balances it against other system considerations such as cost control, system integration, user experience, safety and logistics. This makes cyber security everyone's responsibility and calls for a collective change of mindset at every level: senior management, commercial teams, project managers, product teams and their suppliers.

The Central Digital & Data Office (CDDO) has developed a framework that lets Government departments tailor Secure by Design to their own needs. Departments like the MOD, which work on complex cyber-digital-physical systems, have adapted the general approach to fit their specific requirements. Rather than seeking an accreditation certificate, the new principle-based approach requires a body of evidence that gives stakeholders assurance. Teams will therefore need to build assurance cases from evidence produced throughout the project, showing that security goals have been agreed and achieved, and that security can be maintained throughout the product lifecycle.

Despite the challenges of changing mindsets around cyber security, Secure by Design is expected to offer long-term benefits. The primary advantage is the delivery of better, more secure systems that are reliable and better equipped to resist cyber-attack. Designing security in from the outset will ensure these systems are functionally richer, usable, and aligned with business or mission objectives. The Secure by Design initiative will also mean that responsibility and accountability for security sit with product delivery teams rather than with accreditation teams.