Defence CommitteeSupplementary written evidence from the Ministry of Defence

1. What are the respective remits of the Defence Cyber Operations Group and the Global Operations and Security Control Centre? How do they relate to each other? What are the other important relationships for each of the DCOG and the GOSCC?

The UK Defence Cyber Operations Group (DCOG), due to be fully operational by March 2015, is a federation of cyber units across defence—working closely together to deliver a defence capability. It will mainstream cyber security throughout the MoD and ensure the coherent integration of cyber activities across the spectrum of defence operations. This will give MoD a significantly more focussed approach to cyber, by ensuring the resilience of our vital networks and by placing cyber at the heart of defence operations, doctrine and training. The establishment of the DCOG is a four year project and it is currently on track to deliver the appropriate personnel across all four years.

ISS’ Global Operations and Security Control Centre (GOSCC) delivers and assures information and communication services for UK Armed Forces around the clock. Around 200 people work in the GOSCC, a mix of military, MoD civilian and contractor personnel from major industry partners involved in supporting the Defence Network, including Fujitsu, BT DFTS, Cassidian, EADS, Babcock and Paradigm. Their role is to deliver, manage and defend the Defence Network and provide worldwide assured communications for the MoD around the clock, 365 days a year.

2. What will change as the Joint Forces Command assumes leadership for defence cyber capabilities?

As Commander of JFC, Air Chief Marshal Peach will lead on the development of cyber capabilities across Defence—as well as ensuring that they are fully integrated into planning and operations. He will also champion the development of Cyber skills and training across Defence, ensuring that we manage our scarce cyber resource to best effect. Culture and language are also included as part of the wider influence sphere.

The Chief Information Officer (CIO), Mr John Taylor, and COMJFC will operate together closely in a “supporting” and “supported” relationship to achieve a Single Information Enterprise across Defence. The CIO will retain control over how the cyber risk to MoD’s Information and Networks is mitigated and managed.

Cyber policy will remain in Head Office.

3. What are the distinct roles of the Joint Cyber Units hosted at Corsham and at GCHQ?

The Joint Cyber Unit (Corsham) is established and aims to proactively and reactively defend MoD networks 24/7 against cyber attack to enable agile exploitation of MoD information capabilities across all areas of the Department’s operations.

The Joint Cyber Unit (Cheltenham) hosted by GCHQ will reach full operational capability by 2015 and will have the role of developing new tactics, techniques and plans to deliver military effects, including enhanced security, through operations in cyberspace.

4. Where else in MoD are particular responsibilities for cyber-security located (for example, research and development, securing the supply chain)?

The formulation of the DCOG will facilitate the concentration of all MoD cyber expertise within MoD coming together under one structure. The only current exception to this is the GOSCC, which will remain under the DE&S Top Level Budget for the time being. Research and Development is conducted at the DSTL site at Porton Down.

5. How will the DCOG provide support to commanders across the Services? What sort of support is needed, and what are the urgent priorities?

The DCOG will ensure coherence across Defence planning for cyber operations and ensuring that commanders have situational awareness of the impact of cyberspace on their operations, and able to use cyber tools and techniques to assist them in conducting successful operations.

To do this the DCOG will achieve the following by 2015:

Cyber operations fully integrated into Defence, and all staff know how they form part of the essential defence of our networks during their everyday work and interactions;

Clear policy, doctrinal and legal basis surrounding the use of cyber tools and techniques, including the proportionate enemy use of cyberspace;

Cyber included in all planning and operations, with commanders and planners able to see exactly where cyber fits into their operations and the impacts of cyber;

Commanders/staff understand the cyber domain;

Recognised career structure attracting motivated personnel and retaining them after investing in their development;

Greater situational awareness of our networks;

Suite of cyber capabilities developed in concert with GCHQ;

Robust structures for intelligence support with GCHQ;

Agile procurement and rapid pull through of R&D;

Cyber security and resilience factored into all MoD equipment; and

Links established with key Allies.

6. What is the vision for how cyber skills will be developed and deployed throughout the Armed Forces? Will these skills be integrated, or remain in a separate strand?

Cyber skills will be embedded across Defence by 2015 and mainstreamed into every relevant training intervention at the appropriate level of detail. Content will be driven by the training need identified in our Training Needs Analysis by target audience. Specialist training will be provided to those specific roles within the Defence Cyber Operations Group, and wider targeting and Cyber planning roles; their skills will be recorded against a cyber competency framework on our HR systems. External frameworks used across Industry and Government will be used wherever possible (eg SFIA for IT and IISP for Information Assurance) to ensure coherence with partners.

At the same time, all Defence personnel will receive varying degrees of cyber education and awareness according to their role. For those in operational command roles this will include the impact of cyberspace as a domain of operations and its integration within operations. This training will be embedded with other command and staff training.

We are also working with Other Government Departments (OGDs) to understand where Defence may be well placed to provide pan-departmental training. This is being conducted in tandem with the Cabinet Office.

7. What impact will be apparent from the Defence Cyber Security Programme over the period before the next SDSR? What will have changed within the MoD and the Armed Forces?

By the next SDSR, the DCSP will push forward the development of tools and techniques that will allow greater situational awareness of our networks, however this can never fully guarantee that any network will be 100% safe and secure. We will also be looking to ensure that cyber security and resilience is factored into all MoD equipment. We will have created a culture of cyber awareness within the MoD that will equip all staff with the necessary level of cyber hygiene to defend themselves, both at home and at work, from the most common threats emerging from cyberspace. It is estimated that 80% of the threat we face can be mitigated by equipping users with the knowledge and right behaviours to stay safe.

We will also have in place a clear procurement route and greater agility when it comes to cyber R&D. This is essential if we are to keep up with the ever accelerating pace of change within cyber. This is not just true of our equipment, but also of our people. To that end, the DCSP will put in place a recognised career structure attracting motivated personnel and retaining them after investing in their development.

Finally we will develop a suite of cyber capabilities developed in concert with GCHQ, supported by clear policy, doctrinal and legal basis surrounding the use of cyber tools and techniques, including the proportionate enemy use of cyberspace. All commanders and operational planners will be educated in cyber to understand the cyber domain, its impact and where it fits into their operations. Cyber will also be included in all planning and operations.

8. What is the MoD contribution to the overall UK Cyber Security Strategy?

The MoD has a close and productive working relationship with the Cabinet Office, and has played a major role in the development of both the UK National Cyber Security Strategy and programme. We have worked together to share best working practice, in particular on programme documentation. The Department reports to the Cabinet Office on the progress of the DCSP on a monthly and quarterly basis, and sends representatives to the National Cyber Security Programme Strategic Investment Board and Cyber Delivery Group meetings.

9 May 2012

Prepared 12th March 2013