Case study

MOD Defence Fixed Telecommunications Service:

Secure communications for a safer world


The Defence Fixed Telecommunications Service (DFTS) Agreement between BT and the Ministry of Defence (MOD) created a single multi-service platform. It replaced nineteen separate legacy networks serving the Royal Navy, the British Army, The Royal Air Force, and the MOD itself. Signed in 1997, the Agreement has been extended twice and currently runs to 2015. The value of the Agreement to the MOD includes savings of around £700 million over its lifetime.

As one of the largest PFI telecommunications undertakings in the world, DFTS now reaches some 2,000 sites. Interconnecting more than 225,000 users across the UK, Germany, and Cyprus, it carries 750,000 calls every single day.

Impressive though the above may be, beyond its numerical dimensions the DFTS story is even more compelling. BT not only had to introduce service innovations that would make Britain’s Armed Forces more agile and efficient, but also had to do so in a way that would meet the most stringent security requirements anywhere in the world.

JSP 440, the UK Defence Manual of Security, stipulates security provisions covering for example physical measures, personnel vetting, and encryption. Major Dave Whitaker, Head of Voice Services at DE&S ISS, explains: “As well as working at formal security levels ranging from Unclassified to Top Secret, MOD people naturally operate on a need to know basis. Those strictures apply not only to people within the department, but also to staff in its accredited partner organisations.”

Sound risk management principles dictate that the strength of the measures adopted should be commensurate with the value of the asset being protected. It would be feasible to build a system such that every single MOD interaction was treated as Top Secret (the highest security classification). However, the limited need for such an extreme level of security would not justify the high cost involved. Furthermore, the strict disciplines necessary would adversely affect such a system’s user friendliness.

The technologies, processes, and people that BT uses therefore have to be graded to meet the security classification of the transmissions being handled. That means, for instance, that BT people working on equipment that handles Top Secret material have to be security vetted to the same level of stringency as their MOD colleagues.

BT staff on the DFTS project live and breathe security,” says Ken Hilton, DFTS Contract and Business Manager in BT. “Not only that but the BT premises that house DFTS assets must accede to MOD DefCons and JSP stipulations in terms of their physical and procedural security. We even have a highly-secure email system for MOD communications, totally separate from all other BT systems.”


A detailed discussion of the exact architecture and technology deployed by BT is not appropriate. However, voice transmission illuminates the topic. Unclassified conversations can be carried over a normal converged MPLS infrastructure. On the other hand, Top Secret conversations require encryption and other advanced security measures. Astonishingly, BT achieves these varied requirements within a single numbering scheme.

The network topology is designed such that certain services can survive the most extreme events. For example, some critical DFTS network domains are designed to stand the loss of, say, entire cities without prejudicing the overall ability of particular MOD communities to communicate. On the other hand, Unclassified traffic enjoys normal high enterprise network resilience levels.

BT also works closely with DSAS (Defence Security and Assurance Service) and CESG (Communications-Electronics Security Group) to evaluate and accredit DFTS services to ensure they are fit for MOD security requirements. The accreditation process is complex and cyclical. It covers not only new products but also every single change to existing services.


A DFTS service package has been established that makes use of the secure network to enable the MOD to use enterprise-style business functionality such as video conferencing and remote access.

“BT unquestionably has a pivotal role in the security sphere,” says Major Dave Whitaker. “However, the expertise and experience of its people is equally valuable in helping us apply technology for business advantage.”

The entire range of MOD services is supported by the BT Customer Assured Service Centre (CASC) in Dumbarton, which employs more than 40 people, all of whom are security accredited. The CASC provides a single point of contact for over 2,000 MOD sites and 225,000 end users. It operates 24*7*365, dealing with new orders, enquiries and faults.

Ordering is simple, via an online catalogue of over 3,500 items, and the CASC handles in excess of 500 orders every month. It also sets up more than 1,500 new user accounts and handles over 2,000 password resets each month. The applications have already helped the MOD introduce flexible working practices. This has helped drive up productivity and reduce the effect upon the environment.

Major Dave Whitaker concludes: “DFTS offers transformational capabilities, proven here in MOD, which could help the UK significantly improve government processes. The partnership that we have built with BT – focused on helping us to do what we do more efficiently and more securely – is poised to bring wider benefits to UK plc.”

Core Services

A selection of DFTS services – which are designed with appropriate security levels front of mind – are described here.

  • Enhanced Video TeleConferencing (eVTC) – Eliminating the need for wasteful travel, eVTC offers all the benefits of face-to-face meetings in a virtual environment. Secure up to Top Secret level, participants in eVTC sessions can share images like CCTV footage and PowerPoint slides. Booking is simple; while the experience is so lifelike that participants quickly forget they’re not actually sitting in the same room.
  • Restricted LAN Interconnect (RLI) and Restricted LAN Interconnect Remote Access (RLI RA) – Allowing people to access, share, and update Restricted information from virtually any fixed or mobile location in the UK or overseas, these services offer a wide range of access options. RLI enables wide area networking between all fixed MOD sites, while RLI RA affords MOD people at home or on the move full remote use of their office facilities. This significantly enhances productivity.
  • Secret LAN Interconnect (SLI) – Available as a permanent connection or dial-up service from a fixed location, SLI is a fully managed network that allows the secure exchange of data protectively marked as SECRET.
  • Enterprise Gateway Service (EGS) – The only MOD approved means of accessing the internet while connected to the RLI service, EGS enables users to browse the internet and exchange Unclassified email with any other user from a Restricted desktop. It handles 43,000,000 emails each year, and means that RLI users have the benefit of a Restricted system but the flexibility to safely access information from untrusted sources.

Other applications in the service package – a total of sixteen in all – include, Smartnumbers, Restricted BlackBerry, and Directory Services.


Case study

MOD DFTS case study

PDF-124 KB