British MoD Secrets Exposed In Dozens Of Breaches

Ministry of Defence secrets were exposed in dozens of breaches of military cyber security policy last year, as hostile nations and spy agencies continue to probe the UK's defence sector. Heavily redacted reports obtained by Sky News have revealed that the MoD and its partners failed to protect military and defence data in 37 incidents in 2017.

At the time, warnings issued by the MoD and National Cyber Security Centre mentioned a Chinese espionage group known as APT10 hacking IT suppliers to target military and intelligence information.

Although espionage is considered an "acceptable" state behaviour and not a reasonable pretext for a forceful response, the theft of military secrets remains a serious threat to national security.

The reports of breaches of British military information were redacted to conceal the outcome of the security incidents, including whether they resulted in damaging information being gained by hostile nations. According to the MoD, to publicly confirm details of the breaches beyond their existence would "provide potential adversaries with valuable intelligence on MoD's and our industry partners' ability to identify incidents and react to trends".

"Disclosure of the information would be likely to increase the risk of a cyber-attack against IT capability, computer networks and communication devices," the ministry added.

The incidents involved exposing data to nation-state level cyber risks, such as defence information being left unprotected to foreign states' surveillance of internet traffic. In other slip-ups, information with a 'SECRET' classification was left at risk to physical operations in which spies could have accessed restricted offices, cabinets, and protected computer hardware.

In 10 of the reports, even the incident title is redacted alongside the standard redactions of the incident description and outcome, suggesting the breaches were so severe the Ministry of Defence would regard even admitting that they happened as harming national security.

In other breaches, computer peripherals which hadn't been checked for espionage malware were connected to classified systems, and devices, documents, and rooms were left exposed to unauthorised parties on multiple occasions. Two incidents regard mobile phones and a laptop being taken overseas.

Sky

You Might Also Read: 

Chinese Hackers Steal Naval Warfare Secrets:

Chinese Spy Extradited To Go On Trial:

 

« It's Time To Embrace Blockchain Technology
British National Cyber-Centre Thwarts Hostile Hackers »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZDL Group

ZDL Group

At ZDL (formerly ZeroDayLab) we take a comprehensive view of our clients cyber security risks and provide quality services to address those risk

NICE Systems

NICE Systems

NICE Systems provide software solutions to ensure compliance, fight financial crime, and safeguard people and assets.

InAuth

InAuth

InAuth Security Platform delivers advanced device identification, risk detection, and analysis capabilities to help organizations limit risk and reduce fraud.

Arthur J Gallagher & Co

Arthur J Gallagher & Co

Arthur J. Gallagher & Co. is a global insurance brokerage and risk management services firm. Services include Cyber Liability insurance.

Malomatia

Malomatia

Malomatia is a leading provider of technology services and solutions in Qatar including information security.

HYPR

HYPR

HYPR Decentralized Authentication minimizes the risk of enterprise data breaches while providing an enhanced user experience for your customers and employees.

Fingerprint Cards

Fingerprint Cards

Fingerprint Cards develops and produces biometric components and technologies that verify a person’s identity through the analysis and matching of an individual’s unique fingerprint.

NetApp Excellerator

NetApp Excellerator

NetApp Excellerator is NetApp’s global start-up program that aims to fuel innovation by partnering with deep-tech start-ups.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

BCN Group

BCN Group

BCN Group is an agile IT solutions provider. We are experts in delivering and managing business-critical technology solutions.

SubRosa Cyber Solutions

SubRosa Cyber Solutions

SubRosa Cyber Solutions solves its clients’ most tenacious information security, risk and compliance challenges through a multitude of information technology services and expertise.

Strivacity

Strivacity

Strivacity lets brands quickly add secure login and identity management capabilities to their customer-facing applications without tying up an army of developers or consultants to do it.

The Purple Guys

The Purple Guys

The Purple Guys offer Trouble-Free IT Support to businesses across the Central and Southern US. Safe and Secure, Rapid Response, Friendly Support that’s our Purple Promise.

Foghorn Consulting

Foghorn Consulting

Foghorn can analyze your cloud to enhance performance and security, while reducing costs. Based on AWS’ 6 Pillars, our AWS WAFR Certified Engineers Will Identify Areas of Improvement.

XONA Systems

XONA Systems

XONA is The Zero Trust user access platform for the OT enterprise. Secure operational access to critical systems - from anywhere.

AuthenticID

AuthenticID

Our mission at AuthenticID is to combat fraud worldwide and help businesses protect their enterprise and valuable data assets.