MoD appoints new CIO and releases ICT strategy

The Ministry of Defence (MoD) has appointed Yvonne Ferguson as CIO and released its latest Defence ICT Strategy document

The Ministry of Defence (MoD) has appointed Yvonne Ferguson as CIO and released its latest Defence ICT Strategy document.

The former Royal Mail and Transport for London CIO will start at the MoD in January 2014 as a 3* MoD CIO. The 3* refers to her ranking in the military, similar to that of military personnel. There are four ranks, and Ferguson’s role is the civil servant equivalent of a lieutenant general.

The MoD's latest Defence ICT Strategy document outlines the actions needed to ensure “ICT is procured, used, supported and replaced in a coherent manner”.

The strategy, which replaces the October 2011 document, sits in line with existing plans such as the Government Digital Strategy, MoD Information Strategy, Digital in Defence and the Cyber Strategy.

The strategy states: “We want to reap the benefits of the modern consumer marketplace while recognising the need to manage the increasing cyber threat.”

It says the MoD needs to work more collaboratively and with greater agility, looking towards the enterprise for inspiration on how it could use tools such as social networking within the organisation.

The strategy said the MoD needs to exchange information and share knowledge in “dynamic and sometimes unpredictable ways”. To do this, it calls for a single information environment enabled by ICT.

It defines the single information environment as “a logical construct whereby assured information can pass unhindered from point of origin to point of need”.

As part of this environment it wishes to be more effective, efficient, agile and compliant, and outlines the ICT delivery it will need to become so, including: end user devices and bring your own device (BYOD); applications and data; ICT risk management; and enterprise service bus (ESB).

End user devices and BYOD

The strategy states the “reliance on a majority of desktops, minority of laptops and relatively few handheld devices is no longer appropriate”, calling for the MoD to implement a range of tablets and smartphones for accessing information.

But it says bring your own device (BYOD) schemes are not yet suitable for the MoD, as making provisions for employees to connect personal devices to the Defence network presents an “unacceptable cyber threat”.

It does plan to take on board the benefits of BYOD, however, which include improvements to economics and user experience. The MoD will implement a choose your own device (CYOD) policy, where it will procure a range of modern devices for its employees, which will be managed in a secure way.

“The MoD policy will need to adapt to enable this way of working, as encouraged through the introduction of the Government Security Classifications policy, and users will need to accept greater individual responsibility for the safe handling of information in this way,” the document states.

Applications and data

Due to the increasing trend to step away from traditional desktops towards a more agile and mobile ICT infrastructure, the way MoD users access services will also change.

The strategy aims to provide applications to users in a way that keeps them mobile and agile. But it will aim to provide the service in the following descending order of priority: browser based; hosted on client servers; or hosted on the user device.

The strategy also stated the MoD wants to make better use of big data analytics to allow users to make better decisions from the data that is available.

ICT risk management

In April 2014, a new Government Security Classifications policy will allow the MoD to analyse how it should manage ICT risk.

“The Defence must continue to guard against increasing threats to its information security and availability through rigorous compliance with its information assurance and cyber policies,” stated the strategy.

It says the MoD must conduct a risk assessment whenever ICT is procured or used for the first time.

Enterprise service bus (ESB)

The strategy states the single information environment cannot be made up of scattered ICT solutions. The MoD must invest in a corporate service to connect the disparate applications, services and re-usable data stores to create the single information environment.

Read more on Business applications