MoD Cyber Resilience Strategy outlines 2026 vision
Releasing its latest Cyber Resilience Strategy (CRS), The Ministry of Defence states that by 2026, critical functions need to to be significantly hardened against cyber-attack.
Writing in the document’s foreword, Laurence Lee, second permanent undersecretary at the MoD, says:
“Building resilience into the delivery of our defence outcomes is a whole force challenge. A constant assessment of risk and continual assurance of our capabilities will inform our priorities and drive our focus to the right places. We will need to evolve our plans to counter, and rapidly recover from, an effective cyber attack.
“The focused pursuit of experimentation and innovation will underpin a ‘learn fast’ and ‘fail fast' approach which will allow defence to securely adopt disruptive technologies that allow us to compete decisively with our adversaries.”According to the Strategy document, "the challenge is both individual to Defence and a collective whole force mission for industry, Government, and our Allies and Partners. Achieving the aim is crucial to enabling the Government’s vision to place the UK at the forefront of global action on a safe digital future across the ‘future frontier’ of cyberspace."
The strategy outlines seven priorities:
- ensuring the principle of ‘secure by design’ is included in all capabilities;
- developing a risk management approach for good governance and compliance;
- integrating cyber defences to cover critical functions to rapidly detect and respond to threats;
- developing appropriate behaviours and a positive culture among people in the sector;
- enhancing relationships with the industry;
- ensuring the entire digital enterprise incorporates security controls for resilience;
- and experimentation, research and innovation to stay ahead of threats.
It also includes a number of steps for delivering the vision, including the construction of secure digital backbone, equipment capability programmes focused on cyber security, acceleration of agile commercial constructs in the relevant procurement, and development of clear accountabilities for all aspects of cyber resilience.