British MoD Secrets Exposed In Dozens Of Breaches

Uploaded on 2018-10-17 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

Ministry of Defence secrets were exposed in dozens of breaches of military cyber security policy last year, as hostile nations and spy agencies continue to probe the UK's defence sector. Heavily redacted reports obtained by Sky News have revealed that the MoD and its partners failed to protect military and defence data in 37 incidents in 2017.

At the time, warnings issued by the MoD and National Cyber Security Centre mentioned a Chinese espionage group known as APT10 hacking IT suppliers to target military and intelligence information.

Although espionage is considered an "acceptable" state behaviour and not a reasonable pretext for a forceful response, the theft of military secrets remains a serious threat to national security.

The reports of breaches of British military information were redacted to conceal the outcome of the security incidents, including whether they resulted in damaging information being gained by hostile nations. According to the MoD, to publicly confirm details of the breaches beyond their existence would "provide potential adversaries with valuable intelligence on MoD's and our industry partners' ability to identify incidents and react to trends".

"Disclosure of the information would be likely to increase the risk of a cyber-attack against IT capability, computer networks and communication devices," the ministry added.

The incidents involved exposing data to nation-state level cyber risks, such as defence information being left unprotected to foreign states' surveillance of internet traffic. In other slip-ups, information with a 'SECRET' classification was left at risk to physical operations in which spies could have accessed restricted offices, cabinets, and protected computer hardware.

In 10 of the reports, even the incident title is redacted alongside the standard redactions of the incident description and outcome, suggesting the breaches were so severe the Ministry of Defence would regard even admitting that they happened as harming national security.

In other breaches, computer peripherals which hadn't been checked for espionage malware were connected to classified systems, and devices, documents, and rooms were left exposed to unauthorised parties on multiple occasions. Two incidents regard mobile phones and a laptop being taken overseas.

Sky

You Might Also Read: 

Chinese Hackers Steal Naval Warfare Secrets:

Chinese Spy Extradited To Go On Trial:

 

« It's Time To Embrace Blockchain Technology
British National Cyber-Centre Thwarts Hostile Hackers »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Identiv

Identiv

Identiv is a global security technology company that establishes trust in the connected world, including premises, information and everyday items.

Cyber Security & Information Systems Information Analysis Center (CSIAC) - USA

Cyber Security & Information Systems Information Analysis Center (CSIAC) - USA

CSIAC is chartered to leverage best practices and expertise from government, industry, and academia on cyber security and information technology.

RedLock

RedLock

The RedLock Cloud 360TM platform correlates disparate security data sets to provide a unified view of risks across fragmented cloud environments.

vdiscovery

vdiscovery

vdiscovery is a provider of proprietary and best-in-breed solutions in computer forensics, document review, and electronic discovery.

FinCom.co

FinCom.co

FinCom.Co is the world’s first automatic AML/ KYC screening system, for comprehensive compliance.

Kinnami Software

Kinnami Software

Kinnami is a data security company that equips organizations with the tools they need to secure and protect highly confidential documents and data.

Twingate

Twingate

Twingate help organizations secure and manage access to their technology resources in a world where people work from anywhere.

Debevoise & Plimpton

Debevoise & Plimpton

Debevoise & Plimpton LLP is a premier law firm with market-leading practices in areas including Data Strategy & Security.

HackersEra

HackersEra

HackersEra is a leading offensive cybersecurity service provider. We enable our clients to operate in a more secure environment efficiently and produce more value.

Goldilock

Goldilock

Goldilock is redefining how sensitive data, devices, networks and critical infrastructure can be secured.

PureSquare

PureSquare

PureSquare exist to empower people with simple solutions for their increasingly complex digital security & online privacy needs.

KnoTra Global

KnoTra Global

KnoTra Global is a next-generation Managed Service provider with a portfolio of services including Cybersecurity Solutions, Network Management, IT Leadership, and Day-to-Day Helpdesk and IT services.

Qevlar AI

Qevlar AI

Qevlar AI empowers SOC teams, to eliminate redundant tasks and refocus on what truly matters - making the most of every employee within the SecOps team.

Velotix

Velotix

Velotix empowers organizations to maximize the value of their data while ensuring security and compliance in a rapidly evolving regulatory landscape.

Black Alps

Black Alps

Black Alp's mission is to promote cybersecurity through the organization of dedicated events.

Deimos

Deimos

Deimos is a technology, cloud, hybrid and multi-cloud focused, professional services company. Our expertise and focus is on cloud native Developer and Security Operations.