Defence department has this month signed a deal until 2028, becoming the latest government agency to hire a provider to help test its cyber resilience by delivering red team services

The Ministry of Defence has awarded a six-figure contract for a specialist supplier to mimic the actions of hostile cyber actors.

On 5 March the department entered into a three-year deal with defence, aerospace and security firm Leonardo. Between now and 2028, the Italian-headquartered company will provide the MoD with “red team and cyber adversary simulation” services.

The deal is expected to be worth £1.53m to the supplier.

While most of the detail has been redacted from the published contracts, Leonardo’s website provides plentiful information on “adversary emulation – our red teaming service – [which] focuses on finding and validating security flaws that can be exploited by malicious attackers, testing in advance the measures already adopted by organisations”.

Related content

• How GovAssure is bringing ‘rigour and objectivity’ to departments’ cyber credentials
• Departments to undergo independent audits of cyber resilience
• Cyber Security Week: How the police is leading a resilience revolution

The site adds: “Red teaming delivers a safe real-world adversary emulation of a cyberattack against your organisation or digital system. It is based on current real-world tactics, techniques and procedures of specific cyber threat actors, executed safely across a marshalled cyber kill chain.”

The MoD has become the latest in a growing number of Whitehall departments to invest in red team services and attack simulations in recent months.

About six months ago, the Government Digital Service retained a supplier to provide “threat-led, live cyberattack simulation… based on current threat intelligence”. In late 2023, meanwhile, the Cabinet Office-based Government Security Group signed off  a cumulative total of more than £2m in contracts with four suppliers to support a centralised simulated attack service to be used across Whitehall.

Those GBEST and GCASE services are operated by the Cabinet Office’s own in-house Government Security Red Team – a unit which PublicTechnology exclusively revealed in late 2022 was to conduct a programme of hostile digital and in-person reconnaissance to identify departmental vulnerabilities.