Between January and October this year, the Ministry of Defence suffered as many of 34 cyber incidents compared to 37 it suffered throughout 2017, suggesting that the number of cyber attacks that may have had limited to major impact on the UK’s national security has not come down at all.
In October this year, Sky News revealed that as many as 37 successful cyber attacks took place in 2017 that compromised sensitive military and defence data belonging to the Ministry of Defence.
Such incidents included attacks by nation-state hackers, foreign spies gaining access to sensitive information stored in offices, cabinets, and protected computer hardware, and hackers breaching perimeter security to infiltrate classified systems, documents, and rooms. Incident titles of ten such cyber incidents were redacted by the Ministry of Defence, thereby concealing even the nature of such breaches.
The Ministry of Defence redacted the breach reports to “conceal the outcome of the security incidents”, stating that any public admission by the MoD could “provide potential adversaries with valuable intelligence on MoD’s and our industry partners’ ability to identify incidents and react to trends”.
According to Sky News, the Ministry of Defence has yet again decided to redact a majority of incident reports this year in order to conceal the outcome of such incidents. The MoD said in a statement that the publication of such incident reports would “provide potential adversaries with valuable intelligence on the MoD’s and our industry partners’ ability to identify incidents and react to trends” and that the “disclosure of the information would be likely to increase the risk of a cyber attack against IT capability, computer networks and communication devices”.
How is the Ministry of Defence responding to cyber threats?
In October this year, the Ministry of Defence, along with the National Cyber Security Centre, announced the Cadets CyberFirst programme to impart cyber security skills and expertise to over 2,000 military cadets every year.
While Ministry of Defence cadet organisations and the GCHQ National Cyber Security Centre will deliver the Cadets CyberFirst programme to over 2,000 cadets every year, the government will also invest over £1 million every year in the programme and will also increase the number of cadets in school units from 43,000 to 60,000 by 2024, thereby allowing young people to learn more skills by joining cadet schools.
“With many cadets going on to join the armed forces, this scheme should help the MoD get a head start on equipping recruits with vital cybersecurity skills. It can also help get smart, would-be hackers on side, before they’re tempted to use their skills for less worthy means,” says Michael Madon, SVP & GM security awareness at Mimecast.
According to The Times, the Ministry of Defence and GCHQ are also planning to set up an “offensive-cyber force” to respond effectively to hostile states, domestic cyber gangs and terrorists.
Sources told The Times that the upcoming cyber-force, the creation of which is yet to be acknowledged by the government, will be composed of experts from the military, security services, and industry and will not only be required to respond effectively to cyber threats from Russia, but also to deter criminal gangs, paedophile rings, and people-traffickers.
According to The Times, GCHQ and the MoD are presently at loggerheads over the command structure of the offensive cyber-force. As per a Times source, while the military will want it to be a high-level war-fighting force that can do things like counter-missile programmes, politicians will want a tactical force that focuses on combating crime and domestic terror threats. The new force is expected to increase the number of available personnel in offensive cyber roles by as much as four times in the coming days.