UK Defence Cyber Protection Partnership (DCPP) (22/8 rev)

The UK government and a number of industry partners established the Defence Cyber Protection Partnership (DCPP) to combat the emerging cyber threat. The DCPP will look to increase the awareness of cyber risks within the defence industry, share threat intelligence and work towards defining and applying cyber security standards.

The partnership includes the Centre for the Protection of National Infrastructure, Government Communications Headquarters, the Ministry of Defence and 9 companies: BAE Systems, BT, Cassidian, CGI, Hewlett Packard, Lockheed Martin, Rolls-Royce, Selex ES and Thales UK.

see also:

• UK Government launches information sharing partnership on cyber security
• The UK cyber security strategy: Landscape review (National Audit Office)

The Defence Cyber Protection Partnership (DCPP) aims to meet the emerging threat to the UK defence supply chain by increasing awareness of cyber risks, sharing threat intelligence, and defining risk-driven approaches to applying cyber security standards.
The DCPP will identify and implement actions that have a real impact on the cyber defences of the members of the Partnership and the UK defence sector as a whole. The DCPP model is intended to lead the way in industry collaboration and action on cyber security and to act as a useful template which can then be followed by commercial sectors to improve resilience across UK industry.

Minister for Defence Equipment, Support and Technology, Philip Dunne, said:

• “I’m absolutely delighted by the level of commitment shown by the participating companies in helping us to build our national resilience against cyber attack, and I look forward to more of our key contractors coming on board.”
• “This is a clear demonstration that government and industry can work together – sharing information, experience and expertise – to make sure we do everything we can to protect these critical networks, ensuring that the business of Defence is robustly protected.”

Three areas of focus

1. The Partnership will focus on three specific areas during 2013: increasing awareness of cyber risks across the supply chain; defining risk-driven approaches to applying cyber security standards; and sharing threat intelligence.
2. Working with the trade associations ADS and Intellect, DCPP will raise awareness and improve the understanding of cyber security risks, in particular by taking a pro-active stance to increase security of the wider defence supply chain through highlighting the need for protective measures.
3. Using existing industry standards as a foundation, the DCPP will define a risk-based and coherent approach to implementing cyber security standards across its members and its supply chain partners. By defining a framework which enables a proportionate application of controls, the DCPP will be able to provide guidance to organisations in the defence supply chain operating at different levels of risk exposure and complement the work on organisational standards being led by the Department for Business Innovation and Skills.

Organisations within the DCPP will also share threat intelligence and wider expertise on tackling cyber threats from the defence sector with other industry sectors and government through the recently announced national Cyber Security Information Sharing Partnership.

Vic Leverett, the Chair of the DCPP Chair, said: “This is an issue which demands a concerted and coordinated approach between Government and Industry and the DCPP is a critical component of this. Collaboration between industries and with Government has been first class, reflecting the joint commitment to succeed with our 2013 objectives. The whole is proving to be significantly better than the sum of the parts.”

The defence industry is notorious for its closed-door partnerships with companies often keen on the idea of sharing intelligence for the greater good but then being less than proactive on seeing it through. The issue of cyber should – and must – be different. The national security threats posed by cyber espionage from foreign and hostile governments compromise the UK’s leading defence edge and, for a market already waning under budget cuts and international completion, cannot be allowed to falter any further.