Cybersecurity News

Report: The UK’s Ministry of Defence has the worst cybersecurity in Whitehall

The report highlights 11 “red rated” systems within the UK’s MOD, citing espionage and ransomware concerns.

The UK Ministry of Defence (MoD) has emerged with the most precarious IT systems among all Whitehall departments, featuring 11 systems tagged with a “red rating.”

A red rating signifies the lowest possible security score, indicating that the system is “at a critical level of risk, where the chance of encountering issues or failures is high, and the potential impact of these issues could be severe.” Typically, systems receive a red rating due to the presence of outdated or obsolete components.

By way of comparison, the Department for Work and Pensions trails behind with six red-rated systems, while a total of 34 systems across various government departments share the red-rated classification.

These alarming statistics were brought to light in response to a parliamentary inquiry by Matt Rodda, Labour MP for Reading East and shadow minister for AI and intellectual property. Rodda expressed his dismay, stating, “The size of this problem is totally unacceptable. The Ministry of Defence, the department primarily responsible for the security of Britain, should not have this many serious failures in its systems. We can’t even get the basics right.”

This sentiment found resonance among other political figures, including Tory former defense minister Tobias Ellwood and former armed forces minister Mark Francois, both of whom have called for an urgent review.

The revelations follow a critical report by the Joint Committee on the National Security Strategy titled “A Hostage to Fortune: Ransomware and UK National Security.” The report highlighted the vulnerability of significant portions of the UK’s critical national infrastructure (CNI) to ransomware attacks, especially in sectors relying on outdated IT systems.

The report recommended the establishment of a cross-sector watchdog on CNI cyber resilience due to the suboptimal implementation of existing cyber resilience rules. The Home Office faced specific criticism in the report for its apparent lack of interest in cybersecurity matters.

Recent years have witnessed a series of troubling incidents related to MoD cybersecurity, including a hacking incident involving Russian ransomware group LockBit targeting a supplier, a National Audit Office report warning of potential supply problems for frontline troops due to outdated IT systems, and a fine for a data leak that posed risks to Afghans collaborating with UK forces.

Jake Moore, a global cybersecurity expert at security firm ESET, emphasized the urgency of addressing legacy system vulnerabilities. He noted that while updating such systems might be challenging and costly, it is now imperative to view it as a crucial investment in national security and a fundamental step in safeguarding the country’s digital infrastructure.

Hey! Can we make it official? 😘

I would love to share my latest ethical hacking, defensive security, OSINT, and anonymity guides with you. But I’ll need you to trust me with something… your email address. I promise not to spam you, and you can count on me to keep your data safe πŸ˜‡

Related Hacking Guides

Fifteen Steps to maximising firefox privacy πŸ”’βœ…

Download the complete FireFox checklist that I give to my counter-surveillance clients – completely free of charge! I will take you step-by-step through advanced Firefox Configurations that will help you maximise your privacy, security and anonymity.Β 

Enter your details below and I will email it to you straight away. And don’t worry, your data is safe with me πŸ˜‡

Access free subscriber only content 😘

I would love to share my latest ethical hacking, defensive security, OSINT, and anonymity guides with you. But I’ll need you to trust me with something… your email address. Your data will be encrypted and I will never sell it to third parties πŸ˜‡

UK Cybersecurity Company

About Aitken Security

Aitken Security is a UK Cybersecurity Company specialising in offensive and defensive security.