The Ministry of Defence’s educational academy was targeted in a cyber attack likely perpetrated by a hostile state which caused “significant consequences”, a retired Air Marshal has revealed.
The “sophisticated” hack against the Defence Academy, the Ministry of Defence’s (MoD), academic arm, was discovered last March prompting a rebuild of the network’s resilience, Air Marshal Edward Stringer told Sky News.
It is not known where the attack originated from, and no sensitive information is believed to be held on the network, but it led to fears that a hostile state or criminal enterprise could penetrate the MoD’s more secure IT infrastructure using the Defence Academy as a “backdoor”, said Air Marshal String.
The Defence Academy, based in Shrivenham, Oxfordshire, provides postgraduate education and training for members of the army and diplomats and civil servants from the MoD, teaching around 28,000 a year. Officers rising up the ranks will often return there later in their career for extra skills.
‘There were costs to output’
Its IT contractors, Serco, first noticed the “unusual activity” in March last year, and it soon became obvious there were “external agents” on the system for “what looked pretty quickly like nefarious reasons”, Air Marshal Stringer said.
He added that although there were “not bodies in the streets, there’s still been some damage done”.
“There were costs to … operational output. There were opportunity costs in what our staff could have been doing when they were having to repair this damage. And what could we be spending the money on that we’ve had to bring forward to rebuild the network?” he said.
The digital branch of the MoD launched an investigation into the cyber attack but no findings have been made public. The National Cyber Security Centre, a branch of GCHQ, was also informed of the hack.
‘China or Russia could be to blame’
China, Russia, Iran and North Korea are among countries that have the capability for such an attack, Air Marshal Stringer said, which is known as a so-called grey zone below the threshold of war.
“It could be any of those or it could just be someone trying to find a vulnerability for a ransomware attack that was just, you know, a genuine criminal organisation,” he added.
A 2018 report by the joint committee on national security strategy warned that the UK Government was failing to act with “a meaningful sense of purpose or urgency” over a growing threat to the UK’s critical national infrastructure (CNI) from cyber crimes.
The report came a year after the NHS was hit by a major cyber attack which shut down its IT systems to demand ransom payments. The Government said the attack, which cost the NHS £92m, had originated in North Korea.
Air Marshal Stringer told Sky News that the MoD was still not reacting quickly enough to attacks, with initial reactions suggesting the March incident was just an IT problem.
“Moving from the analogue and the industrial age to the information age, there are three tipping points,” Air Marshal Stringer said.
“There is a tipping point in the thinking, tipping point in the talking and then the tipping point in the doing, including everybody’s instinctive reactions. I think generally we’re somewhere between those latter two.”
An MoD spokesman said: “In March 2021 we were made aware of an incident impacting the Defence Academy IT infrastructure. We took swift action and there was no impact on the wider Ministry of Defence IT network. Teaching at the Defence Academy has continued.”