MoD appoints £2m cyber specialist to test Army IT vulnerabilities

Written by Sam Trendall on 23 September 2022 in News
News

Firm will be asked to assess existing and new tech platforms 

Credit: PxHere

The Ministry of Defence has awarded a potential £2m contract to a specialist supplier that will be tasked with testing for cyber vulnerabilities in the Army’s IT infrastructure and applications.

The deal, which comes into effect on 1 October, covers the provision of “code-assisted vulnerability assessments and penetration testing security assessments on both new and in-service applications [and] infrastructure”, according to newly published commercial information. 

These assessments relate to the infrastructure of two hosting facilities run by the Army Digital Services unit – the Joint Server Farm (JSF) and the Army Hosting Environment (AHE) – and all data and programs stored in each.

The JSF contains only information classified at the government's lowest-grade ‘Official’ status and can be accessed from any internet-connected computer via the Defence Gateway online login system.

The AHE, meanwhile, hosts data up to ‘Secret’ classification and other sensitive information. A breach of this environment “could not only be damaging to the Army's reputation, it could jeopardise potential operations [and] could also incur fines from the Information Commissioner”, according to the contract award notice.


Related content


“An attack to disrupt any of the services ADS provides would significantly erode the Army's ability to operate, as many of the systems support day-to-day activities and processes,” it added. “It is, therefore, imperative that vulnerabilities are identified and remedied/mitigated to reduce the risk of these occurrences.”

To help ensure the security of all storage facilities and the data they house, Manchester-based cybersecurity consultancy NCC Group will, over the next two years, be asked to perform a variety of vulnerability assessments and penetration-testing exercises.

“[These] security assessments… are used to identify vulnerabilities in code and infrastructure – networks, servers, operating systems and applications – that could potentially be exploited,” the procurement notice said. “Attackers can be hackers trying to gain access into our network or systems, state sponsored activists or an insider threat. They will aim to either extract information that is held on applications and hosting environments or cause extensive disruption to services.”

All new applications that will be run from either the JSF or AHE environment will be required to undergo a vulnerability assessment, the MoD indicated. 

“Existing applications, hosting environments and platforms must be [assess] on a rolling programme to ensure any changes do not increase vulnerability and potential for being attacked,” it added.

The engagement with NCC will run for an initial term of two years, with a baseline value of £459,000 – plus up to £1.5m extra to be spent on an ad hoc basis. Upon its conclusion on 30 September 2024, the deal can be extended for a further year at the MoD’s discretion.

 

About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@dodsgroup.com.

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Government appoints £2m firm to help build search tool for citizens’ internet records
29 July 2022

Defence contractor BAE Systems wins Home Office contract 

MoD unveils £16m SME fund for defence innovation
28 July 2022

Ministry claims programme will help Armed Forces and industry

Government reveals ambition to drastically reduce cybercrime
21 September 2022

Consultation launched on how to ‘reduce the security burden on citizens’

Government’s cyber plan delivers ‘a complete revolution in how we provide assurance’
26 August 2022

The recently published Government Cyber Security Strategy set out a range of ambitions to make the public sector safer. PublicTechnology gathered a panel of experts to find out more about...