Last year, damning defence data releases saw the then shadow Labour government put the spotlight on the Tory administration but, with the tables now turned, what progress has been made?
A minister at the Ministry of Defence has cited the department’s urgent need to upgrade ageing IT systems that have been left vulnerable by “years of underfunding”.
Parliamentary disclosures made last year indicated that the MoD was using 11 platforms that had given a red rating on government’s legacy-assessment risk framework – indicating a “critical” level of danger. This figure was higher than any other department of agency.
At the time, representatives of Labour’s shadow cabinet said that the situation was “utterly unacceptable”. In response, the then defence procurement minister James Cartlidge said that “the MoD takes the issue of the resilience of our IT networks extremely seriously, and we are driving forward with a number of initiatives to improve it”.
Now, 18 months on and Cartlidge – who remains the Conservative MP for South Suffolk, but whose party is no longer in government – recently asked the current MoD administration to provide an assessment of “the risk of cyberattacks on legacy systems currently in use by [the] department”.
In response, the minister for defence readiness Luke Pollard claimed that remains an urgent need to update the department’s tech infrastructure – and laid the bulk of the blame at the feet of the Labour government’s predecessors.
Related content
- MoD signs £1.5m deal for ‘cyber adversary simulation’
- Committee finds government cyber defence ‘outpaced by hostile states’
- MoD announces plans to upskill defence personnel on cyber
“After years of underfunding and hollowing out under the previous administration, we recognise there is a need to invest more to bring our systems up to date,” he said. “Defence routinely completes assessments of its digital systems. Understanding these risks is critical to defence’s ability to defend against cyberattacks. Based on these assessments, defence continually implements security improvements to mitigate risks, addressing known vulnerabilities and the expansion of our detect and respond capabilities to identify and block threats. The greater attention to the cyber and electromagnetic domain promised in the Strategic Defence Review will strengthen our ability to deliver our critical outputs.”
The review in question, published earlier this summer, set out scores of recommendations for the future of the military and the wider defence sector – including increased use of artificial intelligence, automation, and other forms of technology.
The framework used to identify and quantify the risks posed by legacy IT was most recently revamped two years ago, in an update that added consideration of waning knowledge of a technology’s operational needs, as well as any issues with downtime in the recent past.
The document enables departments to calculate a risk score for each IT system, with reference to seven indicators of legacy, and six types of potential impact. The maximum possible score is 30, and any system that scores above 16 is considered ‘red rated’.
