We help customers unlock the benefits of an intelligence driven organization, by working across the enterprise to drive security integration as a business enabler.
As we support organizations seeking to transform themselves to keep pace with cyber threats, we are helped by our intimate understanding of defense and security domains: the mission or operational remit of our customers, their doctrines, policies, frameworks and protocols.
Our ability to architect integrated technology, teams and processes is informed by our wider abilities in P3M, in advisory change management and in digital transformation.
And our agile development abilities help us deliver change at speed. The result is meaningful integration of technology, people and process that delivers richer information sharing, better dialogue and better surge capacity with a clear through-life maintenance plan.
At BMT, Cyber Security is integral to any design of system or platform. It involves both the technologies being utilized, as well as the processes and people that either feed into that system or make decisions based on its output.
We start with the human as this is predominantly where most vulnerabilities lie. Using a Human Centred Design Approach, our Human Factors Scientists and Engineers model the capability required and how the human will interface with the systems forming part of this. We ensure this interface is clean and simple and is not easily circumvented (as humans, we tend to follow the path of least resistance to perform a task).
From a technology perspective, we exploit our Common Data Platform, BMT Deep, which captures huge amounts of data, in real time, from a wide range of sources. This helps to keep a good Cyber Situational Awareness, allowing deeper threat analytics and automated courses of actions to be put in place to maintain a cyber advantage. This is a continual process and requires a multi-disciplined blended team of cyber security personnel, data scientists, DevOps and network engineers.
BMT has developed a Cyber Vulnerability Investigation (CVI) Processing & Analytics Platform.
The CVI Analytics Tool specifically involves the processing and fusion of structured and unstructured information (text) extracted from documents to support the exploitation of their content by enabling inferences across multiple CVIs and Target of Investigations (ToIs) and helping various stakeholders to identify key risks and insights. Key capabilities include:
The CVI Analytics solution can support ‘what-if’ analysis, based on assumptions made on risks, vulnerabilities, threats and presence/absence of controls to identify potential consequences in the context of a mission or scenario. This is based on inferences and correlations supported by an ontology, a triplestore, data models and an inference engine/SPARQL. Current capabilities provide predictions that can be further enhanced by using data mining/complex analytics as well as correlations against external data sets (beyond other ontologies).
Our knowledge and experience has ensured the successful delivery of an architecture which enables quick analysis and visualization of data from multiple, complex systems.
Delivering new or enhanced capability for customers requires a balanced consideration of both technology- and human-related requirements and the development of equipment and processes based upon a socio-technical view of capability.
Human Factors Integration (HFI) is the UK MOD's process by which the human component of capability is considered throughout the lifecycle of a military system, from concept through to disposal. It is a systematic process for identifying, tracking and resolving human related issues to ensure a balanced development of both the technology and human components of military capability. Working alongside users and engineers, BMT’s human factors specialists can help to understand user requirements, support the design of human-technology interfaces and develop ways of working and user training to maximise the successful delivery of new capability.
BMT’s Human Factors Integration (HFI) builds in human system safety from the start. User-centred design ensures that systems are engineered to support all the requirements of the operators; seamlessly integrating usability, effectiveness and safety, and ensuring successful, integrated designs created with the optimum balance between human and machine. As an integral part of our Systems Engineering approach to the design and development of complex systems, Human Factors engineers work closely with systems engineers, safety engineers and training specialists to identify, track and resolve human-related issues, ensuring a balanced development of both the technology and human aspects of capability.
When addressed sufficiently early and throughout the system lifecycle, HFI will:
To ensure best practice, we have evolved and continue to refine our implementation of Agile, ensuring we take the best delivery approach needed for the client’s requirements - one size never fits all. This has enabled us to deliver complex digital and technology programmes where change is an inevitable part of forward progress and delivery.
We are also experienced in using the Scaled Agile Framework. We recommend this approach for multiple teams with complex or unpredictable dependencies. In parallel, we have implemented Project Increment (PI) Planning as a scheduled joint activity which has synchronized constituent teams on meaningful business deliveries. We’ve used PI Planning to encourage the early identification of high risk dependencies and blockers in a face-to-face manner which has enabled us to de-conflict activities across teams, and across the technology stack, whilst maintaining outcomes that are relevant to the business.
We are experienced in setting up and operating DevOps capabilities, including application maintenance and support and continuous improvement. In a UK Government Department requiring redevelopment of their digital licensing system, we designed and engineered a solution using different tools and techniques that delivered a DevOps capability and DevOps culture, extending from the way we captured user stories, the tools we used to build and deploy through to the processes we followed to ensure operational stability. Based on our experience of high security environments, we used Docker for deployment standardization, Hashicorp Vault for certificate protection, and Kubernetes for the containerized application management.