How do you ensure DII is secure - and remains so?

By balancing the seamless exchange of information with the need to keep the network absolutely secure.

Security is a major issue for every sector of the IT industry, but nowhere is this need more acute than in Defence. One of the major challenges for the ATLAS Consortium was to provide a secure infrastructure, which enabled information to flow effectively from Unclassified to Above Secret domains.

This meant ensuring that information could be shared across Restricted and Secret domains as well as making sure that critical security information could be exchanged efficiently within the MOD.

Protecting National Security

There is no greater challenge than to protect National Security. In the last decade or so, the changing nature of the threats faced and in particular, the scale and sophistication of cyber attacks, have resulted in an even more pressing need for constant vigilance. Meeting the challenge requires a secure and robust infrastructure, capable of supporting the latest security measures - and enabling the fast and efficient flow of information between the MOD, the UK Secure Government and its partners to manage and reduce threat.

A trusted platform

Every day, DII is proving to be a system which can be trusted to deliver a secure and coherent infrastructure.

As a result, there is already a significant improvement in the information flow between the MOD and UK Secure Government and its partners, including NATO, critical to improving operation capability.

This will ultimately help strengthen National Security by supporting and sustaining partnerships within the MOD, the Armed Forces, and with other Government Departments such as the police, intelligence and security services - and allies.

The DII platform is designed and built in such a way that any application on it is controlled and monitored…

24/7

…protecting it from attacks and infected hosts and keeping the DII infrastructure unaffected.

Today, ATLAS security experts are in constant contact and work closely with cyber security teams in the MOD and Government, to provide instant security advice to over 8,000 MOD Local Security Officers through a dedicated portal.

A system with security built-in from the ground up

In order to meet the exacting security standards needed to protect National Security and ensure the secure and coherent infrastructure of DII, there first had to be extensive knowledge and understanding of what these standards were to be - and why they were in place.

Given the importance of protecting National Security, ATLAS and the MOD jointly developed a uniquely detailed assessment. Government policies provided a level of guidance, but working together with deeper focus provided a far more robust approach to re-assessing risk and ensuring the presence of adequate security controls against ongoing, changing

threats across the whole of the Defence sector. This new and highly detailed methodology enables a flexible approach to security assurance and accreditation activities.

It also helps ensure the right balance can be struck between maximising functionality to the user whilst maintaining the integrity and strength of security.

Strength of security across the system

Monitor and alert

There’s only one way to address the constant threat to the DII infrastructure - from both within the UK and further afield - and that’s to put in place a strict monitoring and alerting regime across the entire DII estate. That’s exactly what the ATLAS Consortium has done for the MOD, delivering the capability to identify threats and resolve them. This isn’t a one-off action. The system is regularly audited to ensure in-service compliance with security controls and mitigations to known risks being constantly developed and improved.

Security drives design

There can be no compromise when it comes to protecting National Security. This is evident in the way ATLAS and the Defence Information Services Team carried out extensive risk assessments on the DII solution at an early stage, driving the production of hundreds of very detailed security requirements which were then applied prior to the design stage. With this approach, security helps dictate the design, rather than the design dictating the level of security. 

Constant change

Having set very high standards of security across DII, ATLAS also ensures these standards are maintained. For each change or release of new capability, there are rigorous risk assessments and accreditations to ensure the right security controls are always in place. Constant change is met with constant vigilance. ATLAS has delivered a secure infrastructure, providing security and resilience in its networks at a significantly higher level than the legacy systems it replaced.

Cyber security teams

As part of the DII programme, there are well developed joint working initiatives which draw upon the expertise of specialist security advisors, including CESG advisors from the National Technical Authority for Information Assurance. With ATLAS security experts in constant contact with cyber security teams in the MOD and Government, this ensures the latest security information is available, analysed and acted upon - and that incidents are documented and followed up appropriately.