If DCC Is MOT Testing, Secure by Design Is Aerodynamic Engineering

News and information from the Advent IM team.

Rather than viewing Defence Cyber Certification (DCC) and Secure by Design (SbD) as similar or overlapping, it’s more accurate to see them as operating at different layers of the system and supplier lifecycle. They serve different purposes, influence different behaviours, and deliver different types of assurance.

Many discussions focus on what each framework requires, but far fewer look at how they complement one another or why they sit in different parts of the engineering and procurement pipeline. Treating them as interchangeable risks missing the strengths of each — and risks underestimating the role of Secure by Design in building systems that remain resilient under real-world operational pressure.

A more useful analogy is this:

DCC is the MOT test.
Secure by Design is the aerodynamic engineering that makes the vehicle safe, performant and resilient long before it reaches the test centre.

1. DCC = MOT Testing: Assurance at the Point of Use

DCC exists to give the MOD a repeatable, scalable, evidence‑based way to assess whether a supplier meets a minimum defensible cyber standard.

Like an MOT test, DCC is designed to:

  • Check baseline controls
    Are the essential cyber hygiene measures present and functioning?
  • Identify unacceptable risks
    Equivalent to “your brakes are worn” or “your emissions exceed limits.”
  • Confirm eligibility and safety for operation
    Can the organisation safely handle or process MOD information or connect to MOD systems?
  • Enable consistent procurement decisions
    Just as MOT certificates allow insurers and regulators to evaluate risk, DCC helps MOD buyers compare suppliers on a level playing field.

But — and this is the critical point — an MOT test does not tell you whether the vehicle was well engineered, whether it will behave predictably in extreme conditions, or whether it can survive high stress, rapid manoeuvres, or hostile environments.

DCC is necessary — but never sufficient.

2. Secure by Design = Aerodynamic Engineering: Performance Built from First Principles

Secure by Design operates at an entirely different altitude.

Where DCC inspects what exists, SbD shapes what gets built.

Aerodynamic engineering considers forces, pressures, behaviours and failure modes that the user will never see — but will absolutely experience if they go wrong. Secure by Design works the same way:

  • Threat‑led design
    Anticipating hostile interference, not just accidental failures.
  • Architectural integrity
    Ensuring every subsystem interacts predictably, safely and verifiably.
  • Minimisation of inherent weaknesses
    Reducing attack surface through principled engineering rather than procedural control.
  • Lifecycle resilience
    Considering upgrades, degradation, obsolescence, and interdependencies from day one.
  • Assurance built into the structure
    Assurance isn’t bolted on at the point of assessment — it is created at the point of conception.

DCC checks the brakes.
Secure by Design shapes the whole platform so the brakes aren’t overwhelmed in the first place.

3. The Consequence of Confusing the Two

When suppliers treat DCC as if it were Secure by Design, they often focus exclusively on passing a test:

  • Producing documents instead of engineering evidence
  • Implementing point‑in‑time fixes
  • Chasing compliance rather than designing out risk
  • Treating cyber as a project rather than a property of the system

The result is a product or service that may be compliant but still fragile, passing the MOT even though it was never aerodynamically optimised for the real operating environment.

Conversely, when suppliers embrace Secure by Design:

  • DCC becomes almost trivial
  • Evidence for assurance already exists
  • Risks are reduced earlier and at lower cost
  • MOD confidence increases, often significantly

Secure engineering drives compliance.
Compliance cannot drive secure engineering.

4. Why Defence Needs Both Layers

In a military context, systems rarely operate in benign conditions. They face:

  • Hostile cyber interference
  • Supply chain compromise
  • Degraded environments
  • Interoperability challenges
  • Time‑sensitive mission pressures
  • Rapid reconfiguration and redeployment cycles

DCC alone cannot provide resilience against these threats.
Secure by Design alone cannot provide procurement assurance at scale.

But together, they create the conditions for trusted, survivable capability:

  • DCC ensures baseline trustworthiness across the supply chain.
  • Secure by Design ensures engineered resilience in mission systems.

They are complementary, not equivalent.

Compliance Gets You on the Road. Engineering Gets You Home.

A vehicle can pass its MOT and still perform terribly on a racetrack, in a storm, or under evasive manoeuvres. Defence systems face all three — often simultaneously.

This is why Secure by Design matters so much more than simply “meeting a standard.”

If DCC ensures that a system can be used safely,
Secure by Design ensures that it continues to operate safely under pressure.

 
