dambuster - stock.adobe.com
The Defence and Security Accelerator (DASA) has launched a new Innovation Focus Area, or IFA, to seek out and develop technologies that will reduce the Ministry of Defence’s (MoD’s) exposure to cyber attacks on its systems and platforms.
Dubbed Reducing the cyber attack surface, the new IFA is being run on behalf of the Defence Science and Technology Laboratory (DSTL) and Defence Science and Technology (DST), and is now open to applications, with the process closing on 20 October 2021.
The UK’s defence sector currently has a large, integrated network of legacy security technologies giving malicious actors a substantial and diverse attack surface to have a pop at, and the scheme will supposedly “accelerate next-generation hardware and software technologies” to address vulnerabilities in networks and systems.
DASA said it expects to fund proposals within Technical Readiness Level 4 to 7, for up to £300,000 across a nine-month contract period.
Proposals will need to demonstrate how they will achieve a technical demonstrator by the end of the 2023 fiscal year, should further funding be made available. More details are available here.
The brief seeks technologies that can be intelligently applied to reduce the chance of successful cyber attacks; can raise the barrier to entry for hostile actors and give the UK military confidence and assurance that it can withstand cyber-enabled attacks; and are novel and applicable across a class of attack surface, as opposed to tailored to specific threats.
It is not seeking off-the-shelf products that will not need experimental development, or anything that offers no real prospect of integration into the UK’s defence and security capabilities, or offers no real prospect of out-competing extant products and services.
Read more about cyber security and digital in the MoD
- The Ministry of Defence has formally “stood up” a dedicated cyber security regiment tasked with protecting the UK’s defence networks both at home and on overseas operations.
- The Ministry of Defence has launched a 10-year digital strategy, focusing on creating a digital backbone and enabling the department to exploit data and innovation.
- AI and cyber capabilities have formed part of the government’s integrated review of security, defence, development and foreign policy.
Commenting on the new scheme’s launch, Talion chief operating officer Keven Knight said: “This is a great initiative from the MoD as it is encouraging software and hardware providers to start thinking about security and vulnerabilities at the beginning of the product development cycle, rather than bolting things on at the end.
“However, the one thing to note is that just because a product is developed with security in mind and vulnerabilities are addressed in the early stages, doesn’t mean the product will always be free from security bugs,” he said. “First, if these products are connected to networks and the internet, this will open them up to all the threats we are facing today.
“Second, it is virtually impossible to make an absolutely perfect product, where no vulnerabilities exist. This is because these products are built by humans, and humans are imperfect.
“Ultimately, the MoD should never let its guard down and should continue to monitor these products for vulnerabilities and security issues in the same way they do with other equipment,” said Knight.
A wave of high-profile security incidents affecting elements of critical national infrastructure in the past 18 months has thrown a spotlight on how hostile nation states use technology against Britain and its allies to cause disruption to national life. Military systems are no less vulnerable to such incidents and almost certainly draw great volumes of attacks that are never disclosed.
As part of a broader package of responses to this threat, the UK is currently in the process of developing a 250-strong cyber security regiment, the 13th Signals, created in 2020, alongside a cyber security defence force.
More recently still, the MoD has announced a major digital funding package including more money for cyber defences, and earlier this year ran its first ever bug bounty challenge with HackerOne, which led to the discovery of a number of security vulnerabilities, ranging from authentication bypass issues to misconfigured systems.