MoD silent on cyber attack that stole data from its systems

The Ministry of Defence (MoD) has refused to reveal any more information on a cyber espionage attack that led to the theft of key data from its systems.
The attack was revealed on Wednesday in a report by the Intelligence and Security Committee (ISC) in its annual briefing to parliament.
In the document the ISC revealed that the MoD confirmed the loss when giving evidence earlier this year to the committee.

The report said: “Government departments are also targeted via attacks on industry suppliers, which may hold government information on their own systems. We have been told that cyber espionage ‘[has] resulted in MOD data being stolen'."

In response, when contacted by V3, the MoD said it would not disclose any more information on the attack, such as when it happened or what type of data was stolen, although it did acknowledge that such attacks are commonplace.
"MoD networks and systems are probed on a regular basis. For operational reasons we do not comment on the number or nature of these attacks," a statement read.
The attack on the MoD was not the only threat revealed by the ISC as it informed parliament that numerous government departments were hit by a attack in the summer of 2012, with 200 email accounts within 30 departments targeted.

“In recent years, many government departments have come under cyber attack: often, this has involved websites being disrupted by denial-of-service attacks, and last summer over 200 email accounts across 30 government departments were targeted in an attempt to steal confidential information,” it said.
The ISC said the government systems to protect against such attacks are “reasonably well developed” but there are still concerns over whether updates to key security tools and software are applied quickly enough to protect networks.

Overall the ISC said such attacks underline the scale of the threat facing the UK and the need for the government to do all it can to protect against cybercrime.

“The threat the UK is facing from cyber attacks is disturbing in its scale and complexity. The theft of intellectual property, personal details and classified information causes significant harm, both financial and non-financial,” it said.

“It is incumbent on everyone – individuals, companies and the Government – to take responsibility for their own cyber security. We support the Government’s efforts to raise awareness and, more importantly, our nation’s defences.”
As such it said that, while spending cuts in the defence budget were accepted, cyber security must remain a key priority for future resources.

“Planning must begin now to ensure that resources will be made available to combat cyber attacks in the latter half of this decade, bearing in mind the resources our allies are putting into this area in recognition of the seriousness of the threat," it said.
"The government must ensure that real progress is made as part of the wider National Cyber Security Strategy: the UK cannot afford not to keep pace with the cyber threat."