THE MINISTRY of Defence has the most vulnerable tech security in Whitehall, new figures show.
It follows a question by Reading East MP and shadow minister for AI Matt Rodda back in December last year, in which he enquired about the prevalence of unsecured IT systems in the Defence department.
He asked the Secretary of State for Defence how many of their IT systems were ‘red’ rated referring to guidance on IT risk assessment published by the Central Digital and Data Office in September.
Secretary of State James Cartlidge responded that as of November 21 last year the Ministry of Defence had 11 such systems.
He added: “The MOD takes the issue of the resilience of our IT networks extremely seriously, and we are driving forward with a number of initiatives to improve it.
“Work that has been undertaken in line with the CDDO framework includes conducting of obsolescence risk assessments for our critical systems, and creating remediation plans at pace for any of those requiring immediate attention.”
Mr Cartlidge has refused to publish any further details, however, and Mr Rodda has responded that the situation is “unacceptable.”
He posted to social media explaining: “The Ministry of Defence, the department chiefly responsible for the security of Britain, should simply not have this many critical failures in its IT systems.
“The scale of this problem is utterly unacceptable.”
The cited guidance refers to so-called ‘legacy’ IT systems, which are outdated, often obsolete, technology systems which have been in use for a considerable amount of time.
According to the government’s own guidance from the CDDO says that the rapid pace of digital transformation become less efficient, harder to maintain, and sometimes “incompatible with modern security standards.”
It also cited that they come under increased susceptibility to cyber attacks as they become more outdated, due to the fact that security vulnerabilities become well-known but are not always ‘patched’ out if the systems are not updated.
Systems rated “red” exhibit a combination of factors which make them vulnerable to security breaches at a “critical” level.
This means there is a “significant likelihood” of issues or failures, with the potential for such issues to have “severe” impact.
The guidance explains that such systems require immediate attention “due to their potential to cause substantial harm, disruption, or negative consequences if left unaddressed.”
Mark Francois, former armed forces minister, said to The Telegraph that the Ministry of Defence being the worst offender in Whitehall was “doubly embarassing.”
