Strategy document outlines eight core pillars covering personnel, infrastructure, risks, and culture, with the aim of ensuring all services are resilient to cyberattack and secure design processes are universally adopted
The Ministry of Justice has published a dedicated cybersecurity plan outlining its intent for secure design practices to underpin all the organisation’s operations while ensuring services across the justice system are well-defended against attack.
The strategy, which covers the 2023 to 2028 period, sets as its foundation an underlying Strategic Vision and Strategic aim for the five-year timeframe.
The vision is to ensure that “every critical Justice service is resilient to cyberattack” while the aim is to “embed ‘secure by design’ thinking into everything the department does, ensuring everyone working in justice can confidently perform their security responsibilities”.
The strategy sits alongside both an existing digital strategy for the MoJ and the wider Government Cyber Security Strategy.
“However, the unique nature of the MoJ’s role in government means there are more specific threats that need to be considered in some contexts,” the ministry’s cyber strategy says. “For example, the threats associated with deploying IT solutions into prison environments are ones that lack parallels in other departments. The In-Cell Technology programme, where prisoners have access to laptops, exemplifies this; it required careful consideration of layered defences, and operational security techniques to ensure a suitable security approach. This helps ensure that despite giving devices to those with the time, the motivation, and the capability to attack them, we have confidence in the overall solution.”
The plan adds that while, “as a government department, we are naturally a target for foreign state attackers seeking intelligence gains… our focus is preventing non-state actor-level attacks , as this will provide the best return on investment for the taxpayer”.
The cyber policy sets out eight “strategic pillars” covering various “strands of activity”:
- Establishing and developing the MoJ security profession
- Creating a positive security culture
- Ensuring secure by design services
- Continuing to harden our enterprise estates
- Effective security operations
- Having confidence in our security measures
- Effective management of cybersecurity risks
- Securing the justice community
The creation of a dedicated security profession will see the MoJ developing a framework “covering all related roles across the department [to] unlock a level of professional development support for all cyber security staff, to help one another with challenging tasks, establish a central pool of expertise for more serious incidents, and to help the department to create an effective and positive security culture”.
The implementation of secure-by-design approaches, meanwhile, will require the MoJ to “adopt existing common security patterns and establish automated guard rails to help teams develop and operate in a secure environment by design”.
Work to harden the ministry’s infrastructure will involve ongoing work to improve processes for those joining, leaving or moving roles within the department, with the aim to “significantly improve our identity and access management approach to ensure that the majority of staff access to critical systems will be through a single identity, enabled through strong passwordless technology”.
To help boost confidence in the department’s security measures, the MoJ aims to “improve supplier and partner assurance… [and] implement our assurance framework for the third-party organisations the department relies upon… [to] ensure our suppliers and partners, both existing and newly on-boarded, are clear on the security requirements they need to achieve to protect our information and systems”.
Related content
- MoJ signs £60m deal to maintain 35 ageing apps across courts system
- Courts service signs £30m deal for roving digital ‘squads’ to support reform programme
- MoJ’s adoption of digital pay framework has enabled £22m boost to salary offers
The pillar dedicated to the management of risks will see a senior responsible owner appointed to oversee the security of every IT system used across the department.
The MoJ will also “refresh our processes and guidance to ensure that all security risks are identified, analysed, prioritised and managed, including deployment of a central governance, risk and compliance solution [and] ensure that agency CEOs, functional leads, and SROs all have clear security accountabilities… accompanied with bespoke training for key roles to ensure those making decisions about security risks are equipped to make effective choices”.
The final pillar – securing the justice community – is perhaps the most complex, with the strategy acknowledging that “we will not solve the problem in the short term, but we will dedicate resource to begin working on how to address it”. This will begin with defining the problem and establishing a “roadmap that begins to address this issue over the lifetime of the strategy”.
Work in this area will be supported by a newly created “small cyber and justice policy team to collaborate with other government departments, the wider justice sector and academia”.
The strategy outlines that the MoJ has “over 1,000 IT services used to run large operational processes, [of which] under 100 are judged to be modern digital services”. Systems across the department are also home to more than 100 million files containing 350 terabytes of “unstructured digital data”.
“The legacy services have many different support models, commercial arrangements and rely on different underlying technology,” the strategy says. “Teams must make difficult priority decisions about operating existing systems, building required features, and undertaking security improvements; deferring investment in maintenance and support leads to vulnerabilities. A vast number of spreadsheets, databases and applications are used to manage the work of the department.”
In her foreword to the document, MoJ permanent secretary Antonia Romeo said that the strategy reflects the ministry’s duty to “protect sensitive data to deliver crucial work for citizens”.
“Our strategy is focused on threats we are most likely to face, and the most critical technology systems that the MoJ rely on,” she added. “The strategy is not just about technical security measures, it is also about having the right people and the right culture in place to embed security into everything the department does.”
I just couldn’t depart your website before suggesting that I really enjoyed the standard info a person provide for your visitors? Is gonna be back often to check up on new posts
Thanks for your write-up. My spouse and i have usually seen that the majority of people are desperate to lose weight because they wish to show up slim as well as attractive. Nevertheless, they do not constantly realize that there are additional benefits just for losing weight as well. Doctors state that obese people are afflicted with a variety of conditions that can be perfectely attributed to their excess weight. The good news is that people who sadly are overweight along with suffering from various diseases are able to reduce the severity of their own illnesses by losing weight. It is possible to see a constant but noted improvement with health while even a slight amount of weight-loss is obtained.
wonderful issues altogether, you just gained a logo new reader. What could you recommend about your post that you made some days in the past? Any sure?
I know this if off topic but I’m looking into starting my own weblog and was curious what all is required to get set up? I’m assuming having a blog like yours would cost a pretty penny? I’m not very internet savvy so I’m not 100 certain. Any recommendations or advice would be greatly appreciated. Cheers
Out of my research, shopping for electronic products online can for sure be expensive, however there are some guidelines that you can use to acquire the best bargains. There are often ways to obtain discount deals that could help make one to have the best electronic devices products at the cheapest prices. Good blog post.
Thanks for sharing. I read many of your blog posts, cool, your blog is very good.
¡Qué gran publicación! Tu contenido resalta por su profundidad y su impecable redacción. Es un agrado encontrar publicaciones tan cuidadas que aporta tanto valor. ¡Enhorabuena por tu trabajo!
https://madreviewer.tistory.com/entry/EC8AA4ED8594EC8AA4-EC98A4EBAFB8ED81ACEBA1A0-ECA69DEC8381-EBB08F-EBACB8ECA09CECA090
https://download-install.com/tag/이더리움
https://klero.tistory.com/tag/전주교차로20채용정보
대전세븐나이트
아름다운스웨디시업소
https://bestkkultip.tistory.com/30
대전세븐나이트