Skip to main content

This is a prototype vision of how a future government service could work. It's not a real service yet, but we're exploring what it could look like. Your feedback will help shape the real service.

Secure Information Sharing Challenge

Posted on Tags: Defence, security, Information Architecture, Cross-boundary Collaboration, Capability Protection

Ministry of Defence Challenge

High-complexity challenge with significant impact potential

This challenge addresses fundamental information sharing barriers in secure environments. Solutions may be developed into major collaborative campaigns.

Challenge Summary

How does ‘Secure by Design’ account for unevenly distributed information and knowledge?

In theory, ‘Secure by Design’ assumes the presence of professional engineers in a position to openly exchange information and knowledge with other engineers and stakeholders. In practice, information and knowledge in UK defence is not evenly distributed, and security concerns might span organisational and disciplinary boundaries.

Not all asymmetries can be addressed by changes to culture. Therefore, ‘Secure by Design’ approaches need to account for intentional and unintentional inhibitors to sharing and transparency.

Problem Context

The defence ecosystem operates under unique constraints where critical information cannot always be shared openly, yet effective ‘Secure by Design’ implementation requires collaboration across multiple boundaries. This creates fundamental tensions between security requirements and engineering best practices.

Current Challenges

  • Capability Protection: Threat models and security requirements cannot always be shared with suppliers
  • Export Restrictions: International suppliers face limitations on information sharing
  • Intellectual Property: Commercial sensitivity limits transparency in technical solutions
  • Disciplinary Barriers: Security expertise not evenly distributed across engineering disciplines
  • Organisational Boundaries: Information sharing policies vary across MOD and suppliers

Scale of Impact

  • £75M+ annual value through improved collaboration and reduced security vulnerabilities
  • 500+ programmes requiring enhanced information sharing approaches
  • Critical national capabilities dependent on secure multi-party collaboration
  • International partnerships requiring new sharing paradigms

Challenge Requirements

We are seeking innovative solutions that address one or more of the following sub-challenges:

1. Capability Protection Solutions

Challenge: Share sufficient evidence with suppliers while protecting sensitive information

Requirements:

  • Techniques for sharing threat models without revealing sources and methods
  • Risk information disclosure mechanisms that maintain operational security
  • Security requirement communication that enables effective design
  • Automated classification and sanitization of technical documentation

Success Metrics:

  • 80% improvement in supplier understanding of security requirements
  • Maintained OPSEC standards with enhanced collaboration
  • Reduced security review timelines by 50%

2. Supplier Assurance Mechanisms

Challenge: Enable suppliers to provide MOD assurance without compromising competitive advantage

Requirements:

  • Privacy-preserving assurance techniques
  • Intellectual property protection in security validation
  • Export control compliant information sharing
  • Competitive advantage preservation while demonstrating security

Success Metrics:

  • Standardized assurance frameworks adopted by 100+ suppliers
  • 90% reduction in IP-related sharing conflicts
  • Enhanced MOD confidence in supplier security implementations

3. Cross-Disciplinary Knowledge Sharing

Challenge: Distribute security design knowledge across different engineering disciplines

Requirements:

  • Multi-disciplinary security design tools and techniques
  • Translation mechanisms between security and domain expertise
  • Concurrent engineering approaches for secure design
  • Knowledge sharing platforms for distributed teams

Success Metrics:

  • Security knowledge accessible to non-security specialists
  • 70% improvement in cross-disciplinary collaboration effectiveness
  • Reduced security-related design iterations by 60%

Proposed Solution Characteristics

Successful solutions should demonstrate:

  • Security by Design: Solutions must themselves embody secure design principles
  • Scalability: Applicable across hundreds of programmes and thousands of personnel
  • Flexibility: Adaptable to different classification levels and organizational contexts
  • Usability: Intuitive for users without extensive security expertise
  • Auditability: Comprehensive logging and compliance tracking capabilities

Technical Approaches of Interest

We are particularly interested in solutions leveraging:

  • Zero-Knowledge Proofs: Demonstrating security properties without revealing implementation details
  • Secure Multi-Party Computation: Collaborative analysis without data sharing
  • Differential Privacy: Statistical disclosure while protecting sensitive information
  • Homomorphic Encryption: Computation on encrypted data
  • Blockchain/DLT: Immutable audit trails and decentralized trust
  • AI/ML: Automated classification and knowledge extraction
  • Digital Twins: Secure modeling and simulation environments

Response Guidelines

Phase 1: Concept Proposal (Due: April 30, 2025)

  • Technical approach overview with key innovations (8 pages maximum)
  • Security analysis of proposed solution
  • Stakeholder impact assessment across MOD and supplier communities
  • Proof of concept plan and validation approach
  • Resource requirements and timeline

Phase 2: Prototype Development (Selected proposals)

  • Working prototype demonstrating core capabilities
  • Security evaluation by independent assessors
  • User testing with real MOD and supplier scenarios
  • Scalability analysis and deployment planning
  • Campaign development for full-scale implementation

Support Available

MOD will provide selected solution providers with:

  • Classified environments for testing and validation
  • Subject matter experts across security and domain disciplines
  • Real programme data (appropriately sanitized) for testing
  • Stakeholder access to MOD and supplier communities
  • Security clearance support for key personnel
  • Intellectual property protection assistance

Evaluation Criteria

Proposals will be assessed on:

  1. Technical Innovation (30%): Novel approaches to fundamental challenges
  2. Security Robustness (25%): Demonstrated security properties and assurance
  3. Practical Applicability (20%): Real-world deployment viability
  4. Impact Potential (15%): Transformational effect on defence collaboration
  5. Team Capability (10%): Track record in secure systems and collaboration

Success Stories

Examples of innovative approaches already emerging:

  • Secure Analytics Platforms: Enabling joint analysis without data sharing
  • Privacy-Preserving ML: Training models on distributed sensitive datasets
  • Automated Sanitization: AI-powered classification and redaction tools
  • Collaborative Design Environments: Secure multi-party engineering platforms

This challenge connects with other MOD ‘Secure by Design’ initiatives:

Contact Information

Challenge Lead: Dr. Emma Richardson
Email: information.sharing@mod.gov.uk
Phone: 020 7218 4100

Security Queries: Group Captain Michael Davies
Email: security.queries@mod.gov.uk

Technical Queries: Prof. Linda Chen
Email: technical.architecture@mod.gov.uk

Engagement Opportunities

  • Monthly technical seminars: Third Wednesday of each month, 10:00-12:00
  • Industry roundtables: Quarterly sessions with key suppliers and researchers
  • Academic workshops: Bi-annual events with leading universities
  • International forums: Annual conferences on secure collaboration

This challenge addresses critical needs identified in the Secure by Design Problem Book, supporting secure collaboration across the UK defence ecosystem.