Ministry of Defence: ICT

Ministry of Defence written question – answered on 13 May 2024.

Matt Rodda, Shadow Minister (AI and Intellectual Property)

To ask the Secretary of State for Defence, whether his Department has made an assessment of the potential national security risks associated with IT infrastructure operated by (a) his Department's arm’s-length bodies and (b) private firms under contract to his Department.

Andrew Murrison, The Parliamentary Under-Secretary of State for Defence

The Ministry of Defence (MOD) takes the security of its IT infrastructure, that of its arm’s length bodies and of its suppliers, very seriously. However, the MOD does not comment on specific details of individual risk assessments as this could give useful information to potential adversaries.

Defence employs a Cyber Risk Management Framework that regularly reviews and escalates risk. This uses evidence from a variety of sources including the Cabinet Office’s Gov Assure ‘Cyber Assessment Framework’ (CAF). All Defence Organisations, including ALBs, sit within this framework. MOD contracts are subject to a risk assessment which is used to determine the nature of the control measures that should be applied to the contract.

The Cyber Resilience Strategy for Defence is driving a programme of work to improve Defence’s cyber security. In the longer term the MOD’s Secure by Design approach will ensure security is built into our capability programmes from the outset and managed effectively on a through life basis. The MOD is also reducing the cyber security risk across its complex legacy estate by improving its ability to respond to and detect cyber incidents, improve cyber awareness across the workforce, and improve resilience in it supply.
