Skip to content

Search the site

MOD closes in on £55m overhaul of its "CySAFA" Big Data platform

Systems Integrators (SIs) and other vendors have just over two weeks left to finalise their expressions of interest in a £55 million overhaul of a critical Ministry of Defence (MOD) cyber operations platform. The contract comes as the department continues work to bake Artificial Intelligence (AI) algorithms into the platform, including one first developed at Facebook ("FastText") as it looks to gain more insight from terabytes of data.

CGI was contracted to design, build and operate the Cyber Situational Awareness Fusion Architecture (CySAFA) platform in 2016 in a project that also involved Northrop Grumman and SME Vysiion. It's heading for its third-iteration with MOD's Defence Digital saying potential partners have until March 30, 2022 to apply for a four-year supply contract for the platform,  which it describes as its "primary platform for data ingest and advanced analytics... fundamental to the Defensive Cyber Operations (DCO) effort to identify, protect, detect and respond to cyber threats and... a mission-critical asset to Defence’s Cyber Security Operations Capability."

The CySAFA contract notice has been live for nearly a year (July 2021). MOD has invited five contractors to bid. They are, in alphabetical order, BAE Systems Applied Intelligence, CGI, Entserv, Leidos, and Raytheon.

See also: The RAF appoints its first ever CDIO

As the MOD's Head of Innovation, Defence Digital, Ben Parish, has freely admitted, there is no shortage of "highly sophisticated cyber security products on the market which deliver new capability" for its vulnerability analysts and security teams. Yet as he noted in a 2020 blog, MOD's challenge is "not only the cost of purchasing and licencing these products across the size of our enterprise, but also the complexity of integrating products across different suppliers that comprise an end-to-end service. Moreover, these products may be considered ‘black box’ solutions", he added: "This means that the MOD may not learn anything about how to solve the problems of the future, or how to refine the output of a jigsaw puzzle of commercial tools to improve outcomes."

"Developing this capability in-house, rather than simply buying third party tools, means that we avoid the cost and complexity of implementing new tools; whilst also optimising the technical data required to input to them. We also learn how to solve future challenges as our enterprise becomes more complex and threats continue to evolve" Parish said in 2020, describing work on baking data science capabilities as a "fully supported capability in to the live CySAFA environment" which MOD uses to support its bid to gain "informational advantage".

As with many of HMG's departments, the intended direction of travel appears to be to improve in-house capabilities and reduce rigid contract structures as much as possible in a fast-moving world.

CySAFA 3 contract: What's needed?

MOD says the winning CySAFA 3 supplier will provide two delivery elements within the contract:

1: Service Integration (SI): "Acting within the Technical Authority the Supplier is to support delivery of end-to-end services to operational users through integration of outputs (e.g. tools) from several suppliers to the data environment. The Supplier will also ensure the coherent evolution of the design and implementation of the capability as well as its compliance to relevant policies and standards. A responsive approach to service management and support is needed to match the tempo of cyber operations."

2: Data as a Service (DaaS). "The Supplier will deliver sufficient software development resources to extend, integrate and enhance the functionality of the existing open-source big data technologies for which the design pattern is owned by the Authority. A subset of these resources is required to provide embedded support... should high priority changes need to be made quickly in the operational environment.."

The winning supplier will support "sustained iterative development and incremental delivery... to successfully provide significant improvements and enhancements to front-line functionality with the Agile delivery model enabling [MOD] to rapidly and coherently respond to the Authority’s evolving cyber threat" and, subject to contract, "transition service delivery from the current incumbent and work in close collaboration with the Authority, suppliers and other stakeholders, to ensure that the capability continues to meet operational priorities whilst evolving alongside the wider defensive cyber enterprise and meeting increased demand."

The contract award, expected September 2022, will come as the UK has vowed to be one of “the world’s leading democratic cyber powers” (2021's Integrated Review of Security, Defence, Development and Foreign Policy) and as defence IT professionals like the US Army's CIO Dr Raj Iyer have emphasised the need for greater agility across defence IT systems, cultures and procurement in the face of growing pressure to innovate at pace.

See also: The Big Interview -- US Army CIO Dr Raj Iyer gets tough

Latest