MoD appoints £2m cyber specialist to test Army IT vulnerabilities

Written by Sam Trendall on 23 September 2022 in News

Firm will be asked to assess existing and new tech platforms 

The Ministry of Defence has awarded a potential £2m contract to a specialist supplier that will be tasked with testing for cyber vulnerabilities in the Army’s IT infrastructure and applications.

The deal, which comes into effect on 1 October, covers the provision of “code-assisted vulnerability assessments and penetration testing security assessments on both new and in-service applications [and] infrastructure”, according to newly published commercial information. 

These assessments relate to the infrastructure of two hosting facilities run by the Army Digital Services unit – the Joint Server Farm (JSF) and the Army Hosting Environment (AHE) – and all data and programs stored in each.

The JSF contains only information classified at the government's lowest-grade ‘Official’ status and can be accessed from any internet-connected computer via the Defence Gateway online login system.

The AHE, meanwhile, hosts data up to ‘Secret’ classification and other sensitive information. A breach of this environment “could not only be damaging to the Army's reputation, it could jeopardise potential operations [and] could also incur fines from the Information Commissioner”, according to the contract award notice.

“An attack to disrupt any of the services ADS provides would significantly erode the Army's ability to operate, as many of the systems support day-to-day activities and processes,” it added. “It is, therefore, imperative that vulnerabilities are identified and remedied/mitigated to reduce the risk of these occurrences.”

To help ensure the security of all storage facilities and the data they house, Manchester-based cybersecurity consultancy NCC Group will, over the next two years, be asked to perform a variety of vulnerability assessments and penetration-testing exercises.

“[These] security assessments… are used to identify vulnerabilities in code and infrastructure – networks, servers, operating systems and applications – that could potentially be exploited,” the procurement notice said. “Attackers can be hackers trying to gain access into our network or systems, state sponsored activists or an insider threat. They will aim to either extract information that is held on applications and hosting environments or cause extensive disruption to services.”

All new applications that will be run from either the JSF or AHE environment will be required to undergo a vulnerability assessment, the MoD indicated. 

“Existing applications, hosting environments and platforms must be [assessed] on a rolling programme to ensure any changes do not increase vulnerability and potential for being attacked,” it added.

The engagement with NCC will run for an initial term of two years, with a baseline value of £459,000 – plus up to £1.5m extra to be spent on an ad hoc basis. Upon its conclusion on 30 September 2024, the deal can be extended for a further year at the MoD’s discretion.


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on
