Secure by Design Up-skilling Challenge
Challenge Summary
How do we up-skill UK defence in ‘Secure by Design’ approaches?
MOD policy assumes that those engaged with ‘Secure by Design’ activities are suitably qualified and experienced. However, applying ‘Secure by Design’ requires a ‘one team’ approach across UK defence where different roles - both within MOD and the broader supply chain - play a part in delivering and maintaining resilient capabilities.
Each role is associated with a body of knowledge, and effective and efficient approaches are needed to deliver this knowledge to create a robust Suitably Qualified and Experienced Personnel (SQEP) pipeline.
Problem Context
The Ministry of Defence has mandated ‘Secure by Design’ approaches across all projects delivering capabilities or services, ensuring security is considered from the outset and through life. This represents a fundamental shift in design thinking about security, requiring new skills and competencies across the entire defence ecosystem.
Current Challenges
- Skills Gap: Insufficient personnel with ‘Secure by Design’ expertise across MOD and supply chain
- Knowledge Distribution: Fragmented understanding of what constitutes effective ‘Secure by Design’ knowledge
- Training Delivery: Lack of scalable, effective mechanisms for delivering specialized knowledge
- Competency Assessment: No standardized framework for measuring ‘Secure by Design’ capabilities
Scale of Impact
- £50M+ annual value in improved security outcomes and reduced capability vulnerabilities
- 10,000+ personnel across MOD and supply chain requiring up-skilling
- Critical capability protection for national security interests
- Supply chain strengthening to support UK defence industrial base
Challenge Requirements
We are seeking innovative solutions that address one or more of the following sub-challenges:
1. Mapping the Body of Knowledge
Challenge: Define the complete knowledge landscape for MOD’s ‘Secure by Design’ approach
Requirements:
- Map relevant knowledge from the Cyber Security Body of Knowledge (CyBOK)
- Identify intersecting knowledge areas (safety, software, systems, human factors engineering)
- Define knowledge requirements for different roles and experience levels
- Create a comprehensive curriculum framework
Success Metrics:
- Complete knowledge mapping covering all relevant domains
- Role-specific competency definitions
- Integration with existing UK defence training standards
2. Delivery Mechanisms
Challenge: Create scalable, effective training delivery mechanisms for diverse audiences
Requirements:
- Support for graduates, apprentices, and experienced professionals
- Integration with undergraduate/postgraduate programmes
- Flexible delivery models (online, in-person, blended)
- Continuous learning and professional development pathways
Success Metrics:
- Training programmes delivered to 1,000+ personnel annually
- Integration with 10+ academic institutions
- 90%+ completion rates with demonstrated competency improvement
3. Competency Frameworks
Challenge: Develop measurable competency frameworks for different expertise levels
Requirements:
- Awareness, practitioner, and expert level definitions
- Skills measurement and assessment tools
- Career progression pathways
- Industry-wide standards for MOD and suppliers
Success Metrics:
- Standardized competency framework adopted across MOD
- Assessment tools with validated measurement criteria
- Professional certification pathway established
Proposed Solution Characteristics
Successful solutions should demonstrate:
- Scalability: Ability to train thousands of personnel annually
- Effectiveness: Measurable improvement in ‘Secure by Design’ capabilities
- Integration: Compatibility with existing MOD and industry training systems
- Innovation: Novel approaches to knowledge delivery and competency development
- Sustainability: Long-term viability and continuous improvement mechanisms
Response Guidelines
Phase 1: Initial Proposal (Due: March 31, 2025)
- Problem analysis and proposed approach (5 pages maximum)
- Technical solution overview with key innovations
- Delivery timeline and implementation plan
- Team credentials and relevant experience
- Initial cost estimates and resource requirements
Phase 2: Detailed Development (Selected proposals)
- Comprehensive solution design and architecture
- Pilot programme proposal for testing and validation
- Business case with detailed cost-benefit analysis
- Risk assessment and mitigation strategies
- Campaign readiness plan for scaling successful pilots
Support Available
MOD will provide selected solution providers with:
- Subject matter expertise access to ‘Secure by Design’ practitioners
- Pilot environments for testing and validation
- Data access to existing training programmes and competency assessments
- Stakeholder engagement with key MOD and industry partners
- Campaign support for successful solutions requiring cross-sector investment
Evaluation Criteria
Proposals will be assessed on:
- Innovation (25%): Novel approaches and technologies
- Feasibility (25%): Technical and practical viability
- Impact (20%): Potential for transformational change
- Scalability (15%): Ability to scale across defence ecosystem
- Team (15%): Relevant expertise and track record
Related Challenges
This challenge connects with other MOD ‘Secure by Design’ initiatives:
- Information Sharing in Secure Environments
- Early-Stage Security Integration
- Through-Life Security Support
Contact Information
Challenge Lead: Dr. Sarah Williams
Email: secure.design@mod.gov.uk
Phone: 020 7218 4000
Technical Queries: Prof. James Mitchell
Email: technical.queries@mod.gov.uk
Information Sessions
Regular information sessions are held:
- Monthly briefings: First Thursday of each month, 14:00-15:30
- Technical deep dives: On request for serious potential respondents
- Industry forums: Quarterly meetings with key suppliers and academics
This challenge is published under the Secure by Design Problem Book initiative, supporting MOD’s commitment to improving security through collaborative innovation.