https://cddo.blog.gov.uk/2024/08/16/implementing-the-secure-by-design-approach/

Implementing the Secure by Design approach

The rollout and implementation of the cross-government Secure by Design approach is well underway. It's great to see departments and arm’s length bodies (ALBs) motoring ahead with its implementation and starting to embed this philosophy across their security practices for digital delivery. You may have recently heard Secure by Design being mentioned in Parliament in the statement and debate about the global CrowdStrike issue.

The implementation of Secure by Design is a multifaceted endeavour. Each government organisation faces unique challenges and opportunities on their journey towards full integration. 

As part of the rollout we have prioritised government organisations into two groups. The first group, comprising ministerial departments and the ALBs that manage Critical National Infrastructure or Top 75 services, is currently in the preparation and piloting stages of implementation. The second group, consisting of the remaining ALBs, executive agencies, and treasury-funded regulators, will formally join the rollout from January 2025 (although many are already taking proactive steps).

The importance of the Secure by Design Champions

Central to the successful adoption of the Secure by Design approach are the champions appointed within each organisation. These individuals, nominated by Chief Digital Information Officers and other senior leaders, will play a pivotal role in driving day-to-day implementation. Together with a multidisciplinary working group, they will lead on stakeholder engagement, readiness assessments, developing transition plans and ensuring alignment with overarching strategic goals. 

Recently, we’ve focused on supporting champions from the first group by hosting awareness webinars and running kick-off meetings. The kick-off sessions aim to build a mutual understanding of implementation plans and each organisation’s specific context including structure, resources and ongoing cyber security efforts.

If you would like to arrange an awareness session on our Secure by Design approach, please contact us at secure-by-design@digital.cabinet-office.gov.uk. Our team is ready to provide detailed information and answer any questions you may have.

Key steps and resources for preparing 

As we move forward, essential resources - including an implementation guide, preparation checklist and communication toolkit - have been made available at Implementing Secure by Design. These resources will empower organisations to assess their readiness, plan their transition, and communicate effectively with stakeholders. For those government organisations now implementing Secure by Design, here are the immediate actions to prioritise:

  • Familiarise yourself with the Secure by Design approach including the policy and mandatory principles.
  • Establish a cross-functional working group to ensure comprehensive integration of the Secure by Design approach into the relevant ways of working and policies.
  • Assess your organisation’s readiness towards meeting the Secure by Design principles using the Secure by Design preparation checklist we have provided.
  • Develop a structured transition plan that aligns with your readiness assessment outcomes and organisational priorities.
  • Engage and collaborate by joining our weekly surgeries and Slack channel #xgov-secure-by-design-implementation, or by signing up for our regular newsletter.

Stay tuned

Secure by Design is not merely a cyber security initiative but a transformative approach that enhances digital resilience across government. By embracing this approach, we are poised to elevate our cyber security standards and safeguard critical infrastructure effectively.

Stay tuned as we continue to navigate this transformative journey towards a more secure digital future. Together, we can ensure that Secure by Design becomes ingrained in every facet of our digital operations, reinforcing our commitment to cyber resilience. 

2 comments

  1. Comment by David H. Deans, GeoActive Group posted on

    This is a thoughtful step toward improving the security posture of UK government departments. The 'Secure by Design' approach emphasizes proactive measures to build security into systems from the ground up, rather than as an afterthought.

    This will be much more effective in the long run.

    I especially appreciate the emphasis on Secure by Design Champions. Having a dedicated individual or team to drive the enhanced process implementation will be essential to ensuring the initiative's success.

  2. Comment by Graham Noyce posted on

    How does this link up with the TCoP and Service Standard?
