UK's Defence Academy suffered damaging cyber attack last year

The attack caused "significant" damage, said a former official. Credit: Crown Copyright/MoD

Image:
The attack caused "significant" damage, said a former official. Credit: Crown Copyright/MoD

The Academy was forced to rebuild its network after the attack, which has still not been attributed to an organisation or state

A 'sophisticated' cyber attack that hit the UK's Defence Academy last year caused "significant" damage, a retired high-level official has revealed.

Air Marshal Edward Stringer, who was officer in charge at the time, told Sky News that the Academy uncovered the incident in March 2021, following which it decided to rebuild its network.

It was Stringer's first interview since leaving the military in August 2021.

Stringer said he was not sure if the hack was the work of a criminal network or a hostile state like Russia, China, or North Korea, but noted that the damage has yet to be fully rectified months on.

"It could be any of those or it could just be someone trying to find a vulnerability for a ransomware attack that was just, you know, a genuine criminal organisation."

The Defence Academy is based in Shrivenham in Oxfordshire. It offers courses to thousands of military personnel, civil servants and diplomats each year, on topics including information warfare, cyber capabilities, international engagement and leadership.

Contractors working for outsourcing firm Serco were the first to notice unusual activity on the Academy's network, in March. The Academy's IT staff soon identified the presence of external agents on the network, who it appeared were there for "nefarious reasons."

While the cyber attack did not succeed, Stringer said it still had "costs to ... operational output" and "opportunity costs in what our staff could have been doing when they were having to repair this damage."

"There are not bodies in the streets, but there's still been some damage done."

The Ministry of Defence's digital branch launched an investigation into the incident after it was discovered, and the National Cyber Security Centre was also made aware of the hack.

According to Sky News, no sensitive data was stored on the compromised systems, and there were no breaches beyond the Academy, although there were some concerns that the attackers could have used the academy's network as a backdoor to other MoD systems.

In a statement, an MoD spokesperson told Sky News: "In March 2021 we were made aware of an incident impacting the Defence Academy IT infrastructure. We took swift action and there was no impact on the wider Ministry of Defence IT network. Teaching at the Defence Academy has continued."

The revelation comes about a year after it was claimed that secret information belonging to the MoD was exposed to outside forces in multiple breaches in 2020, after employees transferred files from secure networks to personal email accounts.

Sky News said in March last year that it had obtained heavily redacted defence documents, showing that the MoD's private sector contractors failed to protect secret military and defence data in over 150 security incidents in 2020.

Cyber security experts have repeatedly warned in recent years that adversaries are trying to target British politicians and defence officials, in attempts to steal sensitive information.

In August last year, Reuters reported that Russian hackers had managed to obtain confidential trade deal documents from the personal email account of former cabinet minister Liam Fox, ahead of the 2019 general election.

Prime Minister Boris Johnson said in 2021 that the UK needs to advance its cyber capabilities, both to stay ahead of enemies and to ensure that threats from adversaries in cyber space are "thwarted at every turn."