British MoD Secrets Exposed In Dozens Of Breaches

Ministry of Defence secrets were exposed in dozens of breaches of military cyber security policy last year, as hostile nations and spy agencies continue to probe the UK's defence sector. Heavily redacted reports obtained by Sky News have revealed that the MoD and its partners failed to protect military and defence data in 37 incidents in 2017.

At the time, warnings issued by the MoD and National Cyber Security Centre mentioned a Chinese espionage group known as APT10 hacking IT suppliers to target military and intelligence information.

Although espionage is considered an "acceptable" state behaviour and not a reasonable pretext for a forceful response, the theft of military secrets remains a serious threat to national security.

The reports of breaches of British military information were redacted to conceal the outcome of the security incidents, including whether they resulted in damaging information being gained by hostile nations. According to the MoD, to publicly confirm details of the breaches beyond their existence would "provide potential adversaries with valuable intelligence on MoD's and our industry partners' ability to identify incidents and react to trends".

"Disclosure of the information would be likely to increase the risk of a cyber-attack against IT capability, computer networks and communication devices," the ministry added.

The incidents involved exposing data to nation-state level cyber risks, such as defence information being left unprotected to foreign states' surveillance of internet traffic. In other slip-ups, information with a 'SECRET' classification was left at risk to physical operations in which spies could have accessed restricted offices, cabinets, and protected computer hardware.

In 10 of the reports, even the incident title is redacted alongside the standard redactions of the incident description and outcome, suggesting the breaches were so severe the Ministry of Defence would regard even admitting that they happened as harming national security.

In other breaches, computer peripherals which hadn't been checked for espionage malware were connected to classified systems, and devices, documents, and rooms were left exposed to unauthorised parties on multiple occasions. Two incidents regard mobile phones and a laptop being taken overseas.

Sky

You Might Also Read: 

Chinese Hackers Steal Naval Warfare Secrets:

Chinese Spy Extradited To Go On Trial:

 

« It's Time To Embrace Blockchain Technology
British National Cyber-Centre Thwarts Hostile Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BruCON

BruCON

Brucon is Belgiums premium security and hacking conference.

Cigniti Technologies

Cigniti Technologies

Cigniti Technologies provides Independent Software Testing (IST) Services including software security testing.

National Authority Against Electronic Attacks (NAAEA) - Greece

National Authority Against Electronic Attacks (NAAEA) - Greece

The National Authority Against Electronic Attacks (NAAEA) is the national computer emergency response team of Greece.

Snyk

Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world.

Cybersecurity Collaborative

Cybersecurity Collaborative

CyberSecurity Collaborative is a forum for CISOs to share information that will collectively make us stronger, and better equipped to protect our enterprises from those seeking to damage them.

Sysorex Government Services

Sysorex Government Services

Sysorex Government Services helps customers meet their strategic missions by providing secure, optimized IT solutions that allow them to perform more efficiently and effectively.

Cyber Struggle

Cyber Struggle

At Cyber Struggle, our aim is training and certifying the special forces of the cyber world.

GreenWorld Technologies

GreenWorld Technologies

GreenWorld has a proven track record in industry leading IT asset management, secure data destruction and remarketing.

MOXFIVE

MOXFIVE

MOXFIVE is a specialized technical advisory firm founded to bring clarity to the complexity of cyber attacks.

CyberArmor

CyberArmor

Cyber Armor defend everyday IT and OT systems, from government agencies to critical infrastructure, from system integrators to small industries.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

Digital Security by Design (DSbD)

Digital Security by Design (DSbD)

Digital Security by Design is an initiative supported by the UK government to transform digital technology and create a more resilient, and secure foundation for a safer future.

Information Systems Security Association (ISSA)

Information Systems Security Association (ISSA)

ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

RAND Corporation

RAND Corporation

The RAND Corporation is a non-profit institution that helps improve policy and decision making through research and analysis.

Fulcrum IT Partners

Fulcrum IT Partners

Fulcrum IT Partners is the parent company of an expanding portfolio of established IT solution companies around the world with proven expertise in cyber security, cloud, and managed services.

Galvanick

Galvanick

Galvanick enables your operations and IT teams to protect your industrial systems and networks against digital threats.