Over the past 5 years, the number of cyber attacks on public sector organisations has risen exponentially, presenting a real and ongoing threat to Defence capabilities, functions and operational determinants. With Defence outcomes existing in an increasingly digital world, the ability to anticipate, withstand, recover from and adapt to cyber threats and attacks, known as cyber resilience, has fast become fundamental to Defence. Taking an approach that shifts the focus from only cyber security to instead emphasise cyber resilience, as outlined in the National Cyber Strategy 2022, provides greater overall protection from cyber threats, and will be central to the ongoing functioning of all digital Defence capabilities. This article will highlight three key components of cyber resilience in Defence: policy, people and technology, and explore how Defence can draw on the innovation and insights startups and industry have to build capabilities that are resilient and secure enough to tackle current-day challenges.
Policy is a central element in creating a holistic approach to cyber resilience within Defence. This is reflected in The Ministry of Defence’s Cyber Resilience Strategy for Defence, which emphasises cyber resilience being a foundational tenet of Defence which other capabilities are to be built upon. The ‘Secure by Design’ strategic priority sets the tone for the whole organisation’s way of working, inherently protecting Defence capabilities throughout their lifecycle with pre-planned recovery measures to create resilience.
Policy is also directly related to an often-overlooked but crucial element of cyber security and resilience; people and process. In the Cyber Resilience Strategy for Defence, every person within the Ministry of Defence is seen as crucial to this, emphasising the fact that cyber security architecture is as much about human behaviour as it is about technology. With many threats relying on social engineering to succeed, cyber resilience initiatives working to counter these must be human-centred and user-friendly. A brilliant example of this is the three apps commissioned by the MOD that gamify cybersecurity upskilling for the government workforce, teaching crucial skills in a fun and learnable format that incentivises good cybersecurity practices.
New vulnerabilities are constantly being exposed and cyber resilience across the public sector relies on using multiple layers of protection to counter cyber attacks at every stage. To achieve this, three main types of technology are needed: proactive security to identify and prevent attacks before they start, defensive security to recognise attacks when they start, and reactive security that restores the functionality of systems if an attack is effective at breaching the security. Even beyond those capabilities needed for other public sector organisations, Defence faces a variety of different challenges; be it the scale and diversity of systems it uses, including many legacy ones that are susceptible to attack and potential routes to wider exploitation, or the requirement to be able to operate at distance, often in challenging/denied environments, away from core infrastructure. As Defence continues to expand its use of, and reliance on, data and multi-domain integration, it is critical that these myriad systems are genuinely secure and resilient.
At PUBLIC, we see a range of innovative solutions tackling challenges across these areas in the Defence and cybersecurity space. Some companies combine human and technological insights, as in the case of Elemendar, who use AI to translate human-authored cyber threat intelligence reports into machine-readable data, saving cyber analysts time and reducing the delay in responding to cyber threats. Others focus on the security of data: Cyber Defence Service examines and secures the Radio Frequency used both by IoT and Operational Technologies; whilst Ionburst creates a secure way to store and transfer data throughout its lifecycle.
This broad approach to cyber security creates a depth of defence not seen in single-approach solutions. It is in response to this need that Amazon Web Services is running the AWS Defence Accelerator to support a cohort of leading solutions across the spectrum of cyber resilience. This will help startups use AWS’ secure and reliable platform to develop solutions that tackle some of defence organisations’ biggest challenges, with Defensive Cybersecurity being one of the key challenge areas highlighted. Startups will join experts from AWS and PUBLIC to receive support developing and scaling their companies.
It is against this cyber resilience threat backdrop that Amazon Web Services and PUBLIC launched a UK Defence Accelerator. The accelerator includes an initiative dedicated to addressing these cyber challenges, helping start-ups bring cyber solutions to the attention of defence customers. A down-selected cohort of startups with cloud-based solutions for land, air, maritime, space and cyber defence will be offered a four-week technical, business, and mentorship programme.
When announcing the accelerator’s launch at Defence Disrupted PUBLIC CEO, Daniel Korski, shared
“The AWS Defence Accelerator aims to connect with SMEs which have not considered the defence space a viable market before and by convening those who understand how the UK’s defence market works and the challenges it faces alongside innovative solutions which can actively make a difference. Our ambition is for the accelerator to widen and deepen the pool of talent and innovation that UK defence requires to meet its mission.”
The AWS Defence Accelerator is open for applications to UK-based start-ups, and those from Europe, the Middle East and Africa doing business in the UK until 01 July.
To apply or for more information about the AWS Defence Accelerator please visit the website