My Department implements a security-by-design and defence-in-depth approach to cyber security. Technical staff continue to operate and monitor all relevant systems to the highest levels, and the Department is closely engaged with experts in the OGCIO and the NCSC to ensure that it follows best practice as it relates to all aspects of Cybersecurity.
For operational and security reasons, we are advised by the NCSC not to disclose details of systems and processes which could in any way compromise those efforts. In particular, it is not considered appropriate to disclose information which might assist in identifying potential vulnerabilities in departmental cybersecurity arrangements. Therefore, it is not considered appropriate to disclose particular arrangements in place in relation to cyber security tools and services and my Department does not comment on operational security matters.