The UK Government and a group of Britain’s leading defence and security companies have established an innovative new partnership to bolster the security of the UK against cyber attack through action within the defence industry, Vigilance can report.
The Defence Cyber Protection Partnership (DCPP) aims to meet the emerging threat to the UK defence supply chain by:
- increasing awareness of cyber risks
- sharing threat intelligence and;
- defining risk-driven approaches to applying cyber security standards.
The partnership includes the Centre for the Protection of National Infrastructure (CPNI), Government Communications Headquarters (GCHQ),Ministry Of Defence (MOD) and nine companies, BAE Systems, BT, Cassidian, CGI, Hewlett Packard, Lockheed Martin, Rolls-Royce, Selex ES and Thales UK.
Minister for Defence Equipment, Support and Technology Philip Dunne, said: "I'm absolutely delighted by the level of commitment shown by the participating companies in helping us to build our national resilience against cyber attack, and I look forward to more of our key contractors coming on board. This is a clear demonstration that government and industry can work together - sharing information, experience and expertise - to make sure we do everything we can to protect these critical networks, ensuring that the business of Defence is robustly protected."
Vic Leverett, DCPP Chair said: “This is an issue which demands a concerted and coordinated approach between Government and Industry and the DCPP is a critical component of this. Collaboration between industries and with Government has been first class, reflecting the joint commitment to succeed with our 2013 objectives. The whole is proving to be significantly better than the sum of the parts.”
By sharing experience of operating under the constant threat of sophisticated cyber attack, the DCPP will identify and implement actions that have a real impact on the cyber defences of its members and the UK defence sector as a whole. The DCPP model is intended to lead the way in industry collaboration and action on cyber security and to act as a useful template to be followed by commercial sectors to improve resilience across UK industry.
Working with the trade associations ADS and Intellect, DCPP will raise awareness and improve the understanding of cyber security risks, in particular by taking a pro-active stance to increase security of the wider defence supply chain through highlighting the need for protective measures.
Using existing industry standards as a foundation, the DCPP will define a risk-based and coherent approach to implementing cyber security standards across its members and its supply chain partners. By defining a framework which enables a proportionate application of controls, the DCPP will be able to provide guidance to organisations in the defence supply chain operating at different levels of risk exposure and complement the work on organisational standards being led by the Department for Business Innovation and Skills.
Organisations within the DCPP will also share threat intelligence and wider expertise on tackling cyber threats from the defence sector with other industry sectors and government through the recently announced national Cyber Security Information Sharing Partnership.
Cyber attacks are one of the top four threats to UK national security alongside international terrorism (National Security Strategy 2010). A re-assessment in 2012 has maintained this categorisation. The Cyber Security Strategy, published in November 2011, sets out how the UK will support economic prosperity, protect national security and safeguard the public’s way of life by building a more trusted and resilient digital environment. It recognises the need for Government and Industry to work in partnership. The Cyber Security Information Sharing Partnership (CISP), launched in May 2013, addresses sharing basic threat intelligence. The DCPP supports CISP focussing on highly sophisticated targeted attacks and adds risk driven standards and supply chain awareness.