Secure Information Sharing Challenge
Challenge Summary
How does ‘Secure by Design’ account for unevenly distributed information and knowledge?
In theory, ‘Secure by Design’ assumes the presence of professional engineers in a position to openly exchange information and knowledge with other engineers and stakeholders. In practice, information and knowledge in UK defence is not evenly distributed, and security concerns might span organisational and disciplinary boundaries.
Not all asymmetries can be addressed by changes to culture. Therefore, ‘Secure by Design’ approaches need to account for intentional and unintentional inhibitors to sharing and transparency.
Problem Context
The defence ecosystem operates under unique constraints where critical information cannot always be shared openly, yet effective ‘Secure by Design’ implementation requires collaboration across multiple boundaries. This creates fundamental tensions between security requirements and engineering best practices.
Current Challenges
- Capability Protection: Threat models and security requirements cannot always be shared with suppliers
- Export Restrictions: International suppliers face limitations on information sharing
- Intellectual Property: Commercial sensitivity limits transparency in technical solutions
- Disciplinary Barriers: Security expertise not evenly distributed across engineering disciplines
- Organisational Boundaries: Information sharing policies vary across MOD and suppliers
Scale of Impact
- £75M+ annual value through improved collaboration and reduced security vulnerabilities
- 500+ programmes requiring enhanced information sharing approaches
- Critical national capabilities dependent on secure multi-party collaboration
- International partnerships requiring new sharing paradigms
Challenge Requirements
We are seeking innovative solutions that address one or more of the following sub-challenges:
1. Capability Protection Solutions
Challenge: Share sufficient evidence with suppliers while protecting sensitive information
Requirements:
- Techniques for sharing threat models without revealing sources and methods
- Risk information disclosure mechanisms that maintain operational security
- Security requirement communication that enables effective design
- Automated classification and sanitization of technical documentation
Success Metrics:
- 80% improvement in supplier understanding of security requirements
- Maintained OPSEC standards with enhanced collaboration
- Reduced security review timelines by 50%
2. Supplier Assurance Mechanisms
Challenge: Enable suppliers to provide MOD assurance without compromising competitive advantage
Requirements:
- Privacy-preserving assurance techniques
- Intellectual property protection in security validation
- Export control compliant information sharing
- Competitive advantage preservation while demonstrating security
Success Metrics:
- Standardized assurance frameworks adopted by 100+ suppliers
- 90% reduction in IP-related sharing conflicts
- Enhanced MOD confidence in supplier security implementations
3. Cross-Disciplinary Knowledge Sharing
Challenge: Distribute security design knowledge across different engineering disciplines
Requirements:
- Multi-disciplinary security design tools and techniques
- Translation mechanisms between security and domain expertise
- Concurrent engineering approaches for secure design
- Knowledge sharing platforms for distributed teams
Success Metrics:
- Security knowledge accessible to non-security specialists
- 70% improvement in cross-disciplinary collaboration effectiveness
- Reduced security-related design iterations by 60%
Proposed Solution Characteristics
Successful solutions should demonstrate:
- Security by Design: Solutions must themselves embody secure design principles
- Scalability: Applicable across hundreds of programmes and thousands of personnel
- Flexibility: Adaptable to different classification levels and organisational contexts
- Usability: Intuitive for users without extensive security expertise
- Auditability: Comprehensive logging and compliance tracking capabilities
Technical Approaches of Interest
We are particularly interested in solutions leveraging:
- Zero-Knowledge Proofs: Demonstrating security properties without revealing implementation details
- Secure Multi-Party Computation: Collaborative analysis without data sharing
- Differential Privacy: Statistical disclosure while protecting sensitive information
- Homomorphic Encryption: Computation on encrypted data
- Blockchain/DLT: Immutable audit trails and decentralized trust
- AI/ML: Automated classification and knowledge extraction
- Digital Twins: Secure modelling and simulation environments
Response Guidelines
Phase 1: Concept Proposal (Due: April 30, 2025)
- Technical approach overview with key innovations (8 pages maximum)
- Security analysis of proposed solution
- Stakeholder impact assessment across MOD and supplier communities
- Proof of concept plan and validation approach
- Resource requirements and timeline
Phase 2: Prototype Development (Selected proposals)
- Working prototype demonstrating core capabilities
- Security evaluation by independent assessors
- User testing with real MOD and supplier scenarios
- Scalability analysis and deployment planning
- Campaign development for full-scale implementation
Support Available
MOD will provide selected solution providers with:
- Classified environments for testing and validation
- Subject matter experts across security and domain disciplines
- Real programme data (appropriately sanitized) for testing
- Stakeholder access to MOD and supplier communities
- Security clearance support for key personnel
- Intellectual property protection assistance
Evaluation Criteria
Proposals will be assessed on:
- Technical Innovation (30%): Novel approaches to fundamental challenges
- Security Robustness (25%): Demonstrated security properties and assurance
- Practical Applicability (20%): Real-world deployment viability
- Impact Potential (15%): Transformational effect on defence collaboration
- Team Capability (10%): Track record in secure systems and collaboration
Success Stories
Examples of innovative approaches already emerging:
- Secure Analytics Platforms: Enabling joint analysis without data sharing
- Privacy-Preserving ML: Training models on distributed sensitive datasets
- Automated Sanitization: AI-powered classification and redaction tools
- Collaborative Design Environments: Secure multi-party engineering platforms
Related Challenges
This challenge connects with other MOD ‘Secure by Design’ initiatives:
Contact Information
Challenge Lead: Dr. Emma Richardson
Email: information.sharing@mod.gov.uk
Phone: 020 7218 4100
Security Queries: Group Captain Michael Davies
Email: security.queries@mod.gov.uk
Technical Queries: Prof. Linda Chen
Email: technical.architecture@mod.gov.uk
Engagement Opportunities
- Monthly technical seminars: Third Wednesday of each month, 10:00-12:00
- Industry roundtables: Quarterly sessions with key suppliers and researchers
- Academic workshops: Bi-annual events with leading universities
- International forums: Annual conferences on secure collaboration
This challenge addresses critical needs identified in the Secure by Design Problem Book, supporting secure collaboration across the UK defence ecosystem.