Tag Archives: MoD

UK Armed Forces at Risk of Cyber Attack

MPs have warned that Britain’s armed forces could be “fatally compromised” by a sustained cyber attack due to their ever increasing reliance on information and communication technology that have no proven backup or contingency plans in place.

The Defence Select Committee has released a report that questions the military’s contingency plans and that the government needs to become more proactive and take control of the situation as quickly as possible.

James Arbuthnot, the committee’s chairman, stated, “It is our view that cyber security is a sufficiently urgent, significant and complex activity to warrant increased ministerial attention. The Government needs to put in place – as it has not yet done – mechanisms, people, education, skills, thinking and policies which take into account both the opportunities and the vulnerabilities which cyberspace presents.”

If the armed forces were to be hit by a sustained cyber attack, the consequences could be frightening. Entire combat units such as battleship and aircraft units could be deemed useless as radars and satellites could be targeted and paint a false picture of the battlefield.

The committee also stated, “The evidence we received leaves us concerned that with the armed forces now so dependent on information and communications technology, should such systems suffer a sustained cyber attack, their ability to operate could be fatally compromised.”

The Minister for International Security Strategy, Dr Andrew Murrison, has defended the Government’s level of involvement and efforts so far.

Murrison stated, “Far from being complacent, the MoD takes the protection of our systems extremely seriously and has a range of contingency plans in place to defend against increasingly sophisticated attacks although, for reasons of national security, we would not discuss these in detail. Government funding to tackle this threat underlines the importance we attach to these issues.”

Jim Murphy who is the Shadow defence secretary has stressed the importance to continue to develop cyber-security strategies and for everyone to work together to help improve the defences against the ever evolving cyber attacks.

Murphy stated, “Developing professional expertise, advanced research, bringing public and private sectors together, using procurement to promote best practice and working with international partners are all essential elements of a comprehensive cyber-security strategy for our forces. Vulnerabilities must be tackled urgently and ministers must respond in detail to the demands in this report. Cyber demands new strategies and capabilities as part of a necessarily diverse modern defence posture.”

With the ever increasing sophistication and number of cyber attacks that are taking place, the importance of having a secure and robust backup solution and contingency plans in place is as great as ever. Becoming the victim of a successful cyber attack could lead to catestrophic consequences in both the short and long term if your data is lost or modified and cannot be successfully recovered.

Royal Navy suffers data breach after website hack

Last weekend a hacker allegedly broke into the Royal Navy’s website, gaining access to private information and data in a potentially hazardous cyber attack.

The hack was carried out by a Romanian-based individual going by the alias of TinKode. He targeted the navy’s official UK site, in the process harvesting data such as passwords and usernames which could give access to administrative powers.

Sophos’ Graham Cluley told SC Magazine UK, that during the hack, which lasted several hours, the site redirected users to an image file, declaring that it was offline for maintenance purposes.

Mr Cluley pointed out that the government has recently reasserted its aims to heighten the UK’s ability to fend off the threats posed by cybercriminals and terrorists from foreign nations. Now an SQL injection has allowed just such an attack to occur and many are worried about the type of data which was made available to the hacker.

Mr Cluley said that from one point of view the Ministry of Defence (MoD) has got off lightly since the hacker does not seem to have been motivated by malice, but rather by a mischievous desire to test his skills. As such, the weaknesses of the Royal Navy website have been exposed without necessarily putting UK citizens or the armed forces at risk, although at this time the extent of its impact remains unknown.

Experts believe that this incident can act as an example to all businesses, organisations and individuals who own and operate a website, as it shows how easily a weakness can be exploited by third parties.

It is thought that the Royal Navy website was not infected with malware, as could have easily been the case had the hacker been more nefarious in his intent.

The Romanian hacker responsible for the attack has a presence on Twitter and received a number of messages congratulating him on his efforts, including many deriding the MoD’s ability to properly secure the websites which it operates on behalf of the armed forces.

MoD announces increase in data security and encryption

The Ministry of Defence (MoD), which was recently the subject of a data loss scandal involving the loss or theft of 340 laptops over a two year period, has said that it will be significantly improving the levels of security to which it subjects its data and portable devices.

A spokesperson for the MoD said that the department was aware that data loss and theft could have a negative impact on its reputation and agreed that the level of concern was growing in line with the threat posed by criminals and simple human error.

Of the 340 laptops which went off the radar between 2008 and 2010, more than 50 per cent were completely unencrypted, leading to severe criticism over the highly accessible nature of the data stored on them.

MoD permanent Secretary Sir Bill Jeffrey said that encryption levels amongst the current stock of laptops operated by the department were around 70 per cent, which is an increase of some 30 per cent compared to last year.

Sir Bill indicated that the MoD had begun to enforce a policy banning the use of unencrypted devices for the storage and transportation of data, together with an initiative to improve the manner in which the department deals with data across the board.

USB storage devices will be encrypted to allow data to be transported securely, which Sir Bill says will hopefully limit the number of incidents of data loss, in addition to increasing the sense of responsibility of employees who are tasked with using the data in their daily activities.

Training schemes introduced by the MoD to raise awareness amongst staff have been completed by 92 per cent of its employees, according to Sir Bill and this has resulted in a reduction of more than 50 per cent in the number of laptops that were lost over the past 12 months. He was keen to point out that this smaller number of lost devices were also far more likely to have been encrypted, thanks to the new policy.

MoD criticised over laptop data loss statistics

Around 340 laptops that were the property of the Ministry of Defence (MoD) and its agents have been lost over the last two years, leading to widespread criticism.

The MoD admitted the serious loss after Lewis PR made a request for statistics under the Freedom of Information Act. When broken down, it was revealed that 120 of the total were stolen while the greater majority were simply lost through carelessness.

Of the 340 laptops that went missing, only 25 were eventually recovered and more than 50 per cent were unencrypted, leaving the data open to exploitation. Further data losses occurred via other portable storage solutions, with 215 thumb drives, 593 optical disks, 13 smartphones and 96 hard drives also listed as lost or stolen over the same period.

Other government departments were implicated, with the Department for Work and Pensions responsible for the loss of 71 laptops and 75 smartphones, whilst the Department for Transport had recorded the loss of 39 PDAs, together with 38 laptops.

A total of 11 governmental departments contributed statistics and between them 518 laptops were recorded as lost or stolen, in addition to 932 other portable storage devices. This has cost the country nearly a million pounds.

The worrying nature of these revelations has been touched upon by numerous security experts and a number have pointed out that the government’s various departments have clearly failed to address the problems of data security and loss prevention in any appropriate manner, whilst at the same time putting national security at risk.

Many believe that the statistics show incompetence and a lack of respect for private data, with human error being the most notable contributing factor to data loss in the public sector. The lack of widespread encryption was identified as making it simple for veteran criminals to access data on lost or stolen devices.

Data breaches are known to cost businesses and organisations millions of pounds and although the material cost of the government’s losses has been calculated, it is unknown precisely how much the loss of the associated data could be worth in real terms.

New MoD data losses reported

The Ministry of Defence has unveiled an alarming new report detailing multiple incidents in which confidential data has gone missing.

In 2009 the MoD said that 347 separate data losses occurred and it has now announced that in the first two months of 2010 a further 71 incidents of allegedly protected data going missing have occurred.

In a letter to parliament received on the 8th of April, the MoD said that the data loss figures for 2010 were already approaching the total figures accumulated in the whole of 2005.

Five years ago the MoD suffered 77 incidents of data loss and that figure has steadily risen over the years. 2006 saw 130 separate incidents and this spiked to over 1000 in 2008 according to Defence minister Bill Rammell.

According to Mr Rammell there are two main reasons for the huge growth in data loss incidents in 2008. The first is attributed to the fact that the MoD implemented tougher rules encouraging its members to report data losses and the second was due to a department-wide audit that took into account the portable storage devices which were previously unaccounted for.

Mr Rammell is thus indicating that basic managerial tasks had brought to light far more data loss incidents than those of which the MoD had previously been aware.

Mr Rammell also said that the high number of recent data losses is being exacerbated by inaccurate record keeping. Portable devices which have been safely destroyed by the MoD have not always been properly recorded and thus their absence is sometimes construed as a data loss when this is not in reality the case.

One of the MoD’s biggest data loss scandals occurred in late 2008 when it emerged that a removable hard drive had been lost, leaking the personal information, including financial details, of people who had applied to join one of the UK’s armed forces. A total of 1.7 million UK citizens were affected in this case. Since then the MoD has attempted to completely rework its data protection policies in order to prevent further high profile cases.

RAF Lose the Personal Data of Over 500 Senior Officers

Yet another case of data loss has entered the public domain following a Freedom of Information request.

The Ministry of Defence have admitted that computer disks lost at a British Royal Air Force base contained sensitive files on the private lives of senior officers. The extremely personal information had been given by servicemen for an in-depth vetting process to give them high security clearance.
It has been admitted since the files were stolen that more than 500 RAF staff have been warned of the possible consequences to them and their families after the unencrypted data – stored on the hard drives went missing.

An internal MoD memo admitted that some of the details on high-ranking officers would be “front page news” that could tarnish the reputation of the RAF.

An RAF source not affected by the loss said there was “considerable worry in the ranks” over the loss of data that could affect relationships or be used by others to compromise personnel.
With the sensitive vetting details only emerging following a Freedom of Information request that led to the release of an internal MoD memo, together with the news that any data loss may need to be made public, the security and breach of data loss has never been more critical.

Over the past couple of years we have seen a sharp increase in the use of remote, wireless and mobile devices to access computer networks.

Many people now use laptops to carry files and data from place to place and can use wireless connections to work from almost anywhere they please. But there are dangers of data loss with these new advancements.

These changes that enable businesses to be on-the-move are leaving the networks increasingly vulnerable to attack, and the data that the businesses and organisations hold, at serious risk.
There are a number of ways to help reduce the risk of data loss in and out of the work place.

Other then the obvious methods of restricting access to only those who need it, data encryption and the ability to remove data from a mobile device once it has been is lost or stolen are key.
Obviously data backup using a very secure, automated and robust solution is always essential whether it be for critical servers or remote user devices. Also the ability to remove data from a laptop that is out of an organisations control is another solution that is becoming increasingly crucial as users become more mobile.

If you wish to hear how your businesses security could benefit from online backup, disaster recovery, business continuity or data deletion from laptops then please ask today.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal