Locks and Security News: your weekly locks and security industry newsletter
5th August 2020 Issue no. 519
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
Hackers have breached top secret MoD systems
Computer hackers have managed to breach some of the top secret systems within the Ministry of Defence, the military's head of cyber-security has revealed. Major General Jonathan Shaw told the Guardian the number of successful attacks was hard to quantify but they had added urgency to efforts to beef up protection around the MoD's networks.
"The number of serious incidents is quite small, but it is there," he said. "And those are the ones we know about. The likelihood is there are problems in there we don't know about."
Government computer systems come under daily attack, but though Shaw would not say how or by whom, this is the first admission that the MoD's own systems have been breached.
The Serious Organised Crime Agency, took its website offline on Wednesday night after becoming the target of a cyber-attack. A spokesman said the attack did not pose a security risk to the organisation.
Shaw, a veteran of the Falklands and Iraq wars, also said the MoD had to be prepared to embrace unconventional and "wacky" ideas if the military wanted to catch up with, and then stay ahead of, rivals in the cybersphere. Getting "kids on the street" to help the military was vital, he said.
"My generation - we are far too old for this; it is not what we have grown up with. Our natural recourse is to reach for a pen and paper. And although we can set up structures, we really need to be on listening mode for this one."
He added: "If we want to work the response, if we want to know really what is happening, we really have to listen to the young kids out in the street. They are telling us what is happening out there.
"That will pose a real challenge to us. This thing is moving too fast. The only people who spot what is happening are people at the coal face and that is the young kids. We have to listen to them and they have to talk to us."
A former director of UK special forces, Shaw, 54, said he thought the military could learn a trick or two from firms such as Facebook.
The company has a "white hat" programme in which hackers are paid rewards for informing them when they have found a security vulnerability.
Nine people in the UK have been paid a total of $11,000 (£6,785) for working with Facebook. Shaw said this was the kind of "waacky idea we need to bring in."
Shaw has spent the last year reviewing the MoD's approach to cyber-security, and the kind of cyber-capability the military will need in the future.
He says next year's MoD budget is expected to include new money for cyber-defence - an acknowledgment that even during a time of redundancies and squeezed budgets, this is now a priority.
The general said the MoD wasn't "doing badly - but we could do a hell of a lot better. We will get there, but we will have to do it fast. I think it was a surprise to people this year quite how vulnerable we are, which is why the measures have survived so long in the [budget] because people have become aware of the vulnerabilities and are taking them seriously."
China and Russia have been accused of being behind most of the sophisticated cyber-attacks, with state-sponsored hackers targeting military secrets from western governments, or intellectual property from British and American defence firms.
Shaw refused to point the finger at any nation, but admitted the UK was "trying to engage the Chinese on rules of the road in cyberspace", pressing the argument that new international treaties are not necessary to stop this kind of theft and espionage.
Shaw said the number of attacks was "still on an upward curve - and the pace of change is unrelenting."
In his last interview before retiring, Shaw said the UK had to develop an array of its own cyber-weapons because it was impossible to create entirely secure computer systems.
"It is quite right to say that pure defence, building firewalls, will not keep the enemy out. They might be inside already. There is no such thing as total security. You have to learn to live with certain insecurities.
"One needs to engage in internal defence and be quite aggressive about it. And if you are going to manoeuvre in cyberspace, that is something that obviously involves action across the spectrum."
9th May 2012