MoD data taken in unspecified attack, as the level of cyber espionage worries intelligence committee
The Ministry of Defence (MoD) has been successfully penetrated by cyber espionage, the level of which has hit new highs, MPs have warned.
The Intelligence and Security Committee, in its annual report released today, said it had been told in March this year that an unspecified, undated cyber espionage campaign had stolen MoD data.
The committee also noted a previous claim that last summer over 200 email accounts across 30 government departments were targeted as attackers sought to steal confidential information.
‘Disturbing’ cyber espionage
“State-sponsored cyber espionage is happening on a large scale and targets intellectual property and sensitive commercial information across the UK economy, in addition to government classified information.”
Previously officials said the government was hit by 33,000 malicious emails every week, which are “likely to contain a link to sophisticated malware”.
Adrian Price, head of information security at the MoD, recently bemoaned the investment from the government in IT security, which he claimed should be billions higher than what it was.
The committee also raised various concerns with the government’s cyber strategy, the most pressing being the lack of skills.
“Ensuring that they [intelligence and defence agencies] can recruit and retain staff with the specialist skills required for this highly technical work remains an area of concern,” the report added.
“Although we cannot hope to match the resources of the US, we must consider whether more resources are needed to provide a step-change in our cyber effort. The UK cannot afford to lag behind in building its cyber skills and capabilities.”
The committee also fretted over the lack of effort being placed into more proactive methods of fighting cyber threats, although it did not go so far as to mention “hacking back”.
“Whilst work is underway to develop those capabilities that will protect the UK’s interests in cyberspace, it is now halfway through the Spending Review period, and we are therefore concerned that much of this work remains preparatory and theoretical, with few concrete advances.
“Planning must begin now to ensure that resources will be made available to combat cyber attacks in the latter half of this decade, bearing in mind the resources our allies are putting into this area in recognition of the seriousness of the threat.”
The committee said it would also like to see action on the controversial Communications Data Bill, otherwise known as Snoopers’ Charter. The Home Office wrote the draft bill to ensure law enforcement could gain quick access to metadata, such as the who, when and where of communications.
Having initially been blocked by the Liberal Democrats, there has been a resurgence in support for the bill, largely because of the murder of soldier Lee Rigby in Woolwich, allegedly carried out by extremists.
“We are concerned that not enough has been done to resolve this issue. The problem will not go away – there remains a capability gap in the ability of the police and agencies to access communications data which must be addressed.”
What do you know about Internet security? Find out with our quiz!