How the UK’s Ministry of Defence is overhauling its internal cloud with a secure by design approach

Harry Gazzard, a solutions architect working for the MoD on its digital transformation project, speaking at a panel at Infosecurity Europe 2024.
(Image credit: Peter Ray Allison)

The UK’s Ministry of Defence (MoD) is developing a strategic cloud project, with the aim of consolidating its existing network architecture and preparing for full-scale cloud adoption in the future.

Harry Gazzard, a solutions architect contractor working for the MoD, presented its approach to developing this cloud network at InfoSecurity Europe 2024.

There are a multitude of threat actors, from organized crime groups to state-sponsored cyber attackers, who would seek to breach the MoD’s cloud network. Therefore, security is naturally a key focus for the project’s development.

The MoD is following the 'secure by design' approach, a UK government framework produced in collaboration with the National Cyber Security Centre (NCSC). It seeks to ensure projects take cyber security into account from the design phase onward and that those responsible for projects are accountable for secure upkeep and the elimination of outdated practices.

Instead of relying on established techniques or making assumptions, the team behind the MoD’s cloud transformation has gone back to basics by asking themselves ‘What does secure by design actually mean?’ 

Although the sensitive nature of the MoD's work prevents the team from being entirely transparent development throughout the process, Gazzard stresses the MoD's security-first design strategy will ensure a secure platform is built. Some form of independent oversight can still be implemented under this system, with the appropriate non-disclosure agreements in place. 

A root and branch approach to attack vectors

One of the key risks facing the cloud platform is malware. In 2020, Anne Neuberger, who was then the director of the cyber security directorate for the US National Security Agency (NSA), identified that 92% of all malware was delivered through the domain name system (DNS). Malware has become an ever-evolving threat vector, with older malware being re-weaponised. Code from older malware can be shared – or stolen – and used in the creation of new malware attacks.

Rather than focusing on attacking the malware directly, the cloud architects are targeting the traffic distribution systems in order to block the malware before it can be deployed within the network.

The DNS is a naming database in which domain names are located and translated into IP addresses. Most activities over the internet rely on the DNS to connect users to remote hosts. The mapping of DNS is distributed across the internet, with governments and other organizations typically having their own assigned ranges of IP addresses and domain names. As such, the DNS became a key focus for deploying cyber security: without a secure DNS platform, the integrity of any cloud architecture could be undermined.

As the MoD air-gaps its critical systems from the wider infrastructure to ensure they remain secure, it is less concerned about direct attacks. But with its secure by design approach at heart, it recognizes there is always value in adding additional protection.

Though its systems are air-gapped, this does not mean they do not talk to other systems at all. For example; critical patches and updates still need to be deployed. Although updates may be uploaded through optical disks or flash drives, the air-gapped systems are still effectively connecting to the outside world, albeit in a controlled manner. There is also the risk of a compromised device being brought into the premises and connecting to the network.

The potential threats facing cloud platforms also include indirect attacks, such as distributed denial of service (DDoS) attacks and DNS poisoning (otherwise known as DNS spoofing and DNS cache poisoning). DNS poisoning is a cyber attack in which attackers insert false information into the DNS to redirect users to a malicious website.

In regard to control channels for screening data packets, one particular challenge is that DNS can be effectively rendered blind if the packets are no longer transparent. This is especially the case with HTTPS. It is designed to protect users by encrypting DNS data, but this also prevents oversight.

Greater automation for threat monitoring

The MoD is taking a proactive approach to security; focusing on detection and prevention by automating processes for advanced DNS Protection, to enable a swifter response to emerging threats. There is continual monitoring, as the threat landscape is constantly changing.

Gazzard highlights the challenges the project faces, most notably the struggle of  creating a platform that is secure whilst simultaneously meeting the needs of multiple departments. With this in mind, the MoD is expanding its internal cloud, with multi-tenant architecture that has the ability to scale, whilst remaining compartmentalized to prevent information leakage.

Many of its existing networks are shifting from being on premise platforms to ones that use shared cloud architecture. The MoD is enabling the different groups within them to build their own platform within the cloud.

Part of its threat monitoring will be reviewing remote system logs that can report emerging threats. This allows cyber security analysts to identify emerging trends within the threat landscape and to adapt their security posture accordingly.

RELATED WHITEPAPER

In recent years, hacking has become industrialized, with DNS being used by malicious actors as a tool to profile users. Awareness of these multifarious threats has meant the UK’s MoD can develop a global cloud platform with a robust end-point security protocol that can protect the organization from attacks.

Updating systems presents several challenges for developing the cloud architecture, as there are stringent policies in regard to importing and exporting data. There are also devices with legacy hardware requirements that will need software updates or to be replaced with a newer version.

Rather than relying on an annual security review, it is shifting to ongoing security assessments, whereby systems are continually assessed to ensure they are adequately protected. Any systems that are identified as being outdated will require investment to become compliant with the new systems, whilst retaining functionality.