British MoD Secrets Exposed In Dozens Of Breaches

Ministry of Defence secrets were exposed in dozens of breaches of military cyber security policy last year, as hostile nations and spy agencies continue to probe the UK's defence sector. Heavily redacted reports obtained by Sky News have revealed that the MoD and its partners failed to protect military and defence data in 37 incidents in 2017.

At the time, warnings issued by the MoD and National Cyber Security Centre mentioned a Chinese espionage group known as APT10 hacking IT suppliers to target military and intelligence information.

Although espionage is considered an "acceptable" state behaviour and not a reasonable pretext for a forceful response, the theft of military secrets remains a serious threat to national security.

The reports of breaches of British military information were redacted to conceal the outcome of the security incidents, including whether they resulted in damaging information being gained by hostile nations. According to the MoD, to publicly confirm details of the breaches beyond their existence would "provide potential adversaries with valuable intelligence on MoD's and our industry partners' ability to identify incidents and react to trends".

"Disclosure of the information would be likely to increase the risk of a cyber-attack against IT capability, computer networks and communication devices," the ministry added.

The incidents involved exposing data to nation-state level cyber risks, such as defence information being left unprotected to foreign states' surveillance of internet traffic. In other slip-ups, information with a 'SECRET' classification was left at risk to physical operations in which spies could have accessed restricted offices, cabinets, and protected computer hardware.

In 10 of the reports, even the incident title is redacted alongside the standard redactions of the incident description and outcome, suggesting the breaches were so severe the Ministry of Defence would regard even admitting that they happened as harming national security.

In other breaches, computer peripherals which hadn't been checked for espionage malware were connected to classified systems, and devices, documents, and rooms were left exposed to unauthorised parties on multiple occasions. Two incidents regard mobile phones and a laptop being taken overseas.

Sky

You Might Also Read: 

Chinese Hackers Steal Naval Warfare Secrets:

Chinese Spy Extradited To Go On Trial:

 

« It's Time To Embrace Blockchain Technology
British National Cyber-Centre Thwarts Hostile Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Komodo Consulting (KomodoSec)

Komodo Consulting (KomodoSec)

Komodo Consulting specializes in Penetration Testing and Red-Team Excercises, Cyber Threat Intelligence, Incident Response and Application Security.

Resilience First

Resilience First

Resilience First is a not-for-profit organisation, led and funded by business to strengthen collective business resilience in all areas, including cyber security.

Naval Dome

Naval Dome

Naval Dome provides the first maritime multilayer cyber defense solution for mission critical onboard systems.

Sertainty

Sertainty

Sertainty enables developers to mix intelligence into data files for active risk mitigation and data control. Discover the impact of Data: Empowered.

Cybeta

Cybeta

Cybeta's actionable cybersecurity intelligence keeps your business safe with strategic and operational security recommendations that prevent breaches.

Cardonet

Cardonet

Cardonet is an IT Support and IT Services business offering end-to-end IT services, 24x7 IT Support to IT Consultancy, Managed IT and Cyber Security.

HarfangLab

HarfangLab

HarfangLab develops a hunting software to boost detection and neutralization of cyberattacks against companies endpoints.

One82

One82

Serving emerging small and medium-sized businesses in California and neighboring regions for over 20 years, One82 has established itself as the most dependable provider of IT support services.

Ping Identity

Ping Identity

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That’s digital freedom.

ECIT

ECIT

ECIT is your preferred provider of finance and IT services. We believe in the value of combining financial and IT services to streamline and improve the operation of your business.

eMudhra

eMudhra

eMudhra is a leader in Identity and Transaction Management Solutions.

Spec

Spec

Spec is the only no-code orchestration platform that protects enterprise fraud defenses from being blocked, bypassed, and manipulated by modern attack tactics.

Diversified Technical Services Inc. (DTSI)

Diversified Technical Services Inc. (DTSI)

DTSI provides a wide range of technology solutions for Federal Agencies, the Department of Defense, and commerical organizations with capabilities including Cyber Security and DevSecOps.

APIsentry

APIsentry

APIsentry is a leading provider of comprehensive API security solutions, specializing in protecting organizations from a wide range of cyber threats targeting their Application Programming Interfaces.

Viatel Technology Group

Viatel Technology Group

Viatel Technology Group is a complete digital services provider. We have over 26 years’ experience delivering fully managed security, networking, cloud and communications services.

Cypherleak

Cypherleak

Cypherleak provide Automated Cyber Risk Monitoring & Ai powered cyber recommendations.