A cyber attack which hit the UK’s Defence Academy last year caused “significant” damage which is yet to be fully rectified months on, a retired high-ranking officer has said.
Air Marshal Edward Stringer said it was possible that a hostile foreign state, such as China, Russia, North Korea or Iran, could be responsible for the attack, which was discovered in March 2021.
“It could be any of those or it could just be someone trying to find a vulnerability for a ransomware attack that was just, you know, a genuine criminal organisation,” he told Sky News.
The Defence Academy, which teaches courses to thousands of military personnel, diplomats and civil servants from its campus in Shrivenham each year, was forced to rebuild its network following the attack.
This work is still ongoing and has resulted in “costs to…operational output”, AM Stringer said.
“There were opportunity costs in what our staff could have been doing when they were having to repair this damage,” he said.
“And what could we be spending the money on that we’ve had to bring forward to rebuild the network? There are not bodies in the streets but there’s still been some damage done.”
The consequences were “significant” but “manageable”, he said, adding: “But only manageable because your people work incredibly hard to keep things going and find back-up methodologies.”
No sensitive information was stored on the Defence Academy’s network, according to Sky News.
Hackers may have been using the academy as a “backdoor” to other Ministry of Defence systems, AM Stringer said, however there were no breaches beyond the school.
The attack was first detected when contractors working for Serco, an outsourcing company, discovered “unusual activity” on the network. The retired director general of the academy said there were “external agents on our network who looked like they were there for what looked pretty quickly like nefarious reasons”.
A spokesman for the Ministry of Defence said: “In March 2021 we were made aware of an incident impacting the Defence Academy IT infrastructure. We took swift action and there was no impact on the wider Ministry of Defence IT network. Teaching at the Defence Academy has continued.”