British Military Leaders Cite New “Cyber Resilience” Plan to Harden Weapons Systems

From UK Ministry of Defence

Second Permanent Secretary, MOD Charlie Forte DG Chief Information Officer, MOD Andrew Forzani DG Commercial

18 Dec 24

As you are aware, Cyber security remains one of the greatest threats we face as a Defence enterprise, with the global threat landscape intensifying over the past year. It is vital we are resilient to ensure we continue to collectively deliver critical Defence capabilities. We have previously written out individually to companies in the Defence supply chain to encourage improvements in cyber resilience. However, a number of incidents this year within the public sector supply chain serve as a stark reminder of the need for robust and continuous enhancement of our cyber security measures. Irrespective of the nature of your business, building resilience and good security practice across the end-to-end supply chain to mitigate this risk is non-negotiable and a critical requirement for all contracts with the Ministry of Defence.

Mounting an effective cyber defence is complicated and the nature of the measures you need to take are driven by multiple factors. However, the National Cyber Security Centre (NCSC) has produced clear guidance and advice. We are therefore writing to highlight this guidance and lay out our expectations. What are we asking you to do? Review Your Organisation performance against the NCSC’s Cyber Assessment Framework. The NCSC has developed the Cyber Assessment Framework1 to aid you in developing a robust cyber defence. The Framework is supported by a series of indicators of good practice, and we would expect to see you achieving these standards. All elements of the Framework are important but we would like to draw your attention to the following areas: • Govern – Your organisation must have appropriate management policies, processes and procedures in place to govern its approach to the security of network and information systems.