A Freedom of Information request made by Sky News has revealed that the Ministry of Defence lost thirty computers, 210 laptops, and 80 USB sticks to various incidents of theft between October 2018 and September 2019.
In the same period, the Ministry of Defence also lost eleven rifles, 42 explosive munitions, 1,153 rounds of ammunition, as well as “body armour, a quad bike, vehicle loading ramps, vehicle batteries, a clarinet, earplugs, a camera and a mountain bike”, Sky News learned.
“We take security extremely seriously and have robust procedures to deter and prevent losses and thefts, as well as precautions to ensure devices cannot be accessed by unauthorised parties.
“We have large numbers of devices right across the world, and whilst it is impossible to stop all losses, all incidents are recorded so lessons can be learnt and disciplinary action or prosecution taken when necessary,” said a Ministry of Defence spokesperson.
The loss of laptops, computers, and portable storage devices from army bases to unknown thieves could expose classified information such as details of deployments, military operations, inventories, and servicemen to malicious individuals or enemy states and could pose a major threat to national security.
This is not the first time that unauthorised individuals have gained access to weapons, essential gear, or IT equipment belonging to the armed forces. Information obtained by Sky News also revealed that in 2017, sensitive military and defence data belonging to the Ministry of Defence were compromised to 37 separate cyber security incidents.
The Ministry of Defence redacted the breach reports to “conceal the outcome of the security incidents”, the Sky News report claimed, adding that any public admission by the MoD could “provide potential adversaries with valuable intelligence on MoD’s and our industry partners’ ability to identify incidents and react to trends”.
Ministry of Defence must introduce end-to-end encryption across the entire infrastructure to prevent leaks
The report added that these cyber incidents included attacks by nation-state hackers, foreign spies gaining access to sensitive information stored in offices, cabinets, and protected computer hardware, and hackers breaching perimeter security to infiltrate classified systems, documents, and rooms. Incident titles of ten such cyber incidents were redacted by the Ministry of Defence, thereby concealing even the nature of such breaches.
“We live in a world where it is not surprising that military departments can be breached. These organisations have a wide variety of infrastructure spanning everything including endpoints, data centres and the cloud,” said Luke Brown, VP EMEA at WinMagic.
“This means it is not an easy task to ensure deeply sensitive – and highly valuable – information doesn’t fall into the wrong hands. What is needed is an end–to–end data protection platform that works across all infrastructures. More importantly, this must encrypt the data, and ensure it stays encrypted until needed.
“For organisations operating on the frontline of national security, protecting intellectual property must be the number one priority. Should it fall into the wrong hands there could be serious consequences. In cases like this, where it is unclear exactly who has been responsible for the data breach, an encryption platform makes all the difference. If your data gets breached – and it will – the sensitive information will be unreadable to anyone who’s not authorised to read it,” he added.