British MoD Secrets Exposed In Dozens Of Breaches

Uploaded on 2018-10-17 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

Ministry of Defence secrets were exposed in dozens of breaches of military cyber security policy last year, as hostile nations and spy agencies continue to probe the UK's defence sector. Heavily redacted reports obtained by Sky News have revealed that the MoD and its partners failed to protect military and defence data in 37 incidents in 2017.

At the time, warnings issued by the MoD and National Cyber Security Centre mentioned a Chinese espionage group known as APT10 hacking IT suppliers to target military and intelligence information.

Although espionage is considered an "acceptable" state behaviour and not a reasonable pretext for a forceful response, the theft of military secrets remains a serious threat to national security.

The reports of breaches of British military information were redacted to conceal the outcome of the security incidents, including whether they resulted in damaging information being gained by hostile nations. According to the MoD, to publicly confirm details of the breaches beyond their existence would "provide potential adversaries with valuable intelligence on MoD's and our industry partners' ability to identify incidents and react to trends".

"Disclosure of the information would be likely to increase the risk of a cyber-attack against IT capability, computer networks and communication devices," the ministry added.

The incidents involved exposing data to nation-state level cyber risks, such as defence information being left unprotected to foreign states' surveillance of internet traffic. In other slip-ups, information with a 'SECRET' classification was left at risk to physical operations in which spies could have accessed restricted offices, cabinets, and protected computer hardware.

In 10 of the reports, even the incident title is redacted alongside the standard redactions of the incident description and outcome, suggesting the breaches were so severe the Ministry of Defence would regard even admitting that they happened as harming national security.

In other breaches, computer peripherals which hadn't been checked for espionage malware were connected to classified systems, and devices, documents, and rooms were left exposed to unauthorised parties on multiple occasions. Two incidents regard mobile phones and a laptop being taken overseas.

Sky

You Might Also Read: 

Chinese Hackers Steal Naval Warfare Secrets:

Chinese Spy Extradited To Go On Trial:

 

« It's Time To Embrace Blockchain Technology
British National Cyber-Centre Thwarts Hostile Hackers »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Ripjar

Ripjar

Ripjar is a global company of talented technologists, data scientists and analysts designing products that will change the way criminal activities are detected and prevented.

maCERT

maCERT

maCERT is the national Computer Emergency Response Team for Morocco.

SentinelOne

SentinelOne

SentinelOne is a pioneer in delivering autonomous security for the endpoint, datacenter and cloud environments to help organizations secure their assets with speed and simplicity.

BigID

BigID

BigID is redefining personal data protection and privacy. BigID software helps companies secure their customer data & satisfy privacy regulations like GDPR.

Cyber Affairs

Cyber Affairs

Cyber Affairs is the first Italian press agency entirely dedicated to cyber security.

CSI

CSI

CSI is a Managed Service Provider (MSP) delivering Hybrid Multi-Cloud, Data Protection, and Cyber Security solutions to highly regulated industries.

KOS-CERT

KOS-CERT

KOS-CERT is the national Computer Incident Response Team for Kosovo.

IAmI Authentications

IAmI Authentications

IAmI is a first in Tokenization Cloud-based IAM Security Services, delivering the most advanced form of Two-Factor Authentication.

Monster Jobs

Monster Jobs

Monster is a global leader in connecting people to jobs, wherever they are. Monster covers all job sectors including cybersecurity in locations around the world.

Optimum Speciality Risks

Optimum Speciality Risks

Optimum Speciality Risks are an experienced team of cyber insurance experts, backed by Lloyds of London.

Strike Graph

Strike Graph

The Strike Graph GRC platform enables Security Audits & Certifications.

NOW Insurance

NOW Insurance

NOW Insurance provides small business owners and other professional classes with a seamless purchasing experience for general liability, professional liability, and cybersecurity insurance coverage.

RegScale

RegScale

RegScale helps organizations comply in real-time with multiple compliance requirements (NIST, CMMC, ISO, SOX, etc), scalable to meet the needs of the entire enterprise.

Entech

Entech

Entech is a managed IT service provider. We work behind the scenes on your network to ensure data security and integrity.

Fusion5

Fusion5

Fusion5 is a leading ANZ Business Services and IT Solutions provider. Our customers trust us to make their potential reality by providing advisory, IT project deployment, and managed services.

Rankiteo

Rankiteo

At Rankiteo, we are pioneers in cybersecurity risk management. Our mission is to empower organizations with the tools they need to assess, enhance, and safeguard their digital landscapes.