Tag: mod

MoD lost over 200 computers in the last year

The Ministry of Defence had 206 computers stolen in the past year, along with a number of BlackBerry phones and other mobile devices, department figures have revealed.

As well as the loss of computers, 34 BlackBerry devices went missing during the financial year 2011-12, as well as 24 other mobile devices.

The number of PCs and laptops being lost or stolen from the department is lower than the previous year, when 371 hardware items went missing.  There was an increase in the number of mobiles that were unaccounted for, including BlackBerry devices used by civil servants and Ministers for departmental business.  

MoD minister Mark Francois said in a statement that the department is looking at new ways to prevent the theft or loss of devices.

“The Ministry of Defence takes any theft of, loss of, attacks on, or misuse of, its information, networks and associated media storage devices very seriously and has robust procedures in place to mitigate against and investigate such occurrences,” the Conservative MP said. 
“Furthermore, new processes, instructions and technological aids are continually being implemented to mitigate human errors and raise the awareness of every individual in the Department.”

TechEye has approached the MoD to find out whether this includes the use of device tracking software, but is yet to receive a reply.   

Francois added that there has been no reason to believe that any sensitive information has been accessed as a result of the theft or loss of IT equipment.

“Following thorough investigations, the Joint Security Co-ordination Centre has not received any evidence that demonstrates that the information has been compromised,”  he said.

“A significant number of the incidents involve information that had been encrypted to government standards and, while the data was lost, the chance of compromise of encrypted information is deemed to be minimal,” Francois said.

Francis Maude to warn MPs on hacking threat

The Daily Telegraph has branded disgruntled hackers attacking big brands as “terrorists”, as Cabinet Office minister Francis Maude gets ready to brief MPs on a new cyber security initiative that hopes to combat attacks that cost the UK “billions”.

In its ‘terrorism in the UK’ section, the Telegraph warns that big name companies are increasingly facing attacks that bring them down on a ‘daily basis’. It did not point the finger at any specific groups.

Late last month, Paypal claimed in court that hackers afilliated with Anonymous cost it £3.5 million.

Francis Maude will later today outline details of a £650 million initiative that proposes to protect Britain from cyber attacks while also offering to outsource expertise abroad as a business venture, the Drum reports.

Just how much DDOSing companies who operate in the UK is costing the wider economy – considering the latest in the PAC tax fiasco that focused on just three firms – is up for debate. However, unnamed senior government officials told the Telegraph that they were shocked to hear from Adidas who consider online attacks part of a “daily routine”.

Aside from big business losing out, the official warned that the Ministry of Defence’s networks also get attacked daily, although he didn’t comment on just how much and the severity of the attempts. A former staffer at the MoD told us under condition of anonymity last year that the department faced thousands of botnet attacks a day – and that many of them came from China, with the attacks decreasing ‘significantly’ when Chinese IP addresses were blocked.

There were also attacks against Britain’s critical national infratructure (CNI), and that the official’s department spends “an awful lot of our time helping and advising members of the CNI to protect their infrastructure”.

The official conceded that part of the conversation now is understanding options in the cybersecurity space – including offence.

MoD's Qinetiq leads UK cyber security consortium

In the mid 2000s, under New Labour, a research arm of the Military of Defence (MoD) was spun off, carved up, and sold to the highest bidder, emerging as a company called Qinetiq. The UK held, at first, a majority share – which eventually dwindled and was finally sold off. Now it has been contracted by some familiar faces to lead a consortium which aims to protect the MoD from cyber attacks.

The consortium is called Enabling Secure Information Infrastructure, or ESII. For this particular contract, Qinetiq, which is partly owned by the US’ Carlyle Group, mentions that there are 11 suppliers including major defence agencies along with UK universities and small and medium sized enterprises. In the past, Qinetic has rubbed shoulders in large-project consortiums with companies like BAE Systems, BT, EADS, EDS, and IBM

The ESII consortium has been appointed by the Defence Science and Technology Laboratory (DSTL)’s Centre for Defence Enterprise (CDE). DSTL made up the smaller part of the UK’s Defence Evaluation and Research Agency (DERA), with the larger part becoming Qinetiq.

DSTL is the largest scientific organisation operating within British government – employing roughly 3,500 – although it operates as a commercial enterprise. The purpose of the DSTL is for technological defence and security research for the MoD and government that is deemed too sensitive for the private sector. 

DSTL commissioned the consortium to build a cloud ecosystem where multiple users would be able to securely access files, programs, applications and services remotely – this architecture, the group says, was then used to provide a secure collaboration environment for testing concepts, tools and techniques to “improve cyber situational awareness”. 

Nine proposals from a list of eleven suppliers were successful and received DSTL funding. In its first phase, they will detail the technical aspects of their proposals before putting ta technical design paper to the MoD. Once that is approved, the phase two demonstrations will get the reen light. Along with Qinetic, other suppliers are: HW Comms Ltd, Brunel University, Northrop Grumman, University of Oxford, University of Warwick, University of Glamorgan, Cassidian Systems, Montvieux Ltd, Roke Manor Research, Thales R&T, and EADS Innovation Works. Qinetiq claims that among the proposals were plans for countering sophisticated network intrusion attacks, and virtualising attack data. 

Qinetiq and the ESII’s end goal appears to be in creating a network in which concept attacks and the response to these threats can be analysed, in preparation for the real thing. DSTL’s head of the Cyber and Influence Science and Technology Centre said in a statement that testing cyber security concepts helps DSTL to understand sophisticated threats and situations that the UK may face in real life. In turn, it is claimed, this will help the Ministry of Defence improve its “capabilities in cyberspace” – and give the government a head start on the kinds of attacks that are, without doubt, going to emerge.

Qinetiq’s Tim Dean, from the information assurance assurance division, claimed that situational awareness in cyber security will, in the long term, saves costs for the UK if it is able to react to threats quickly and effectively. “Developing an awareness of potential cyber threats and the actions that could be taken to counter them,” Dean said, will enable the MoD to react quickly and result in potential cost savings”.

Speaking with TechEye, a former Ministry of Defence worker familiar with the matter said that, just four years ago, the MoD was under attack from 600,000 automated botnet attacks every single day. Most were suspected to have originated from China – when addresses from China were blocked, the number drastically decreased temporarily. Meanwhile, Bit9 CEO Patrick Morley told TechEye that any organisation or company with highly sensitive intellectual property faces, without question, infrastructure attacks from private-public hybrid corporations often acting on behalf of nation-states. 

CSC to cut 640 jobs after botched NHS contract

Computer Sciences Corporation has announced it will cut 640 jobs, taking its total redundancies to 1,100 in the past two months.

Staff working on an NHS contract to create a national electronic database have been told that they will face compulsory redundancies.

CSC had been tasked with putting into place the ill-fated Lorenzo system, which resulted in the firm losing out on almost a billion pounds it was due to get from the NHS for the disastrous £12 billion project.  

Now CSC has announced that it will have to cut employee levels by 640 after prolonged negotiation over staff numbers on the NHS contract. 

This is despite claims from unions insisting that compulsory redundancies are not in fact necessary.

Unite claims that it has put a plan in place to avoid the necessity of redundancies, with sufficient numbers of staff already volunteering to leave the firm.   

The union labelled the cuts “wholly unnecessary”, and claimed that the firm was only concerned with lining its shareholders pockets.

Unite is also angry at the role of the National Outsourcing Association, which supported the job cuts.

Jobs of workers at the Chesterfield, Chorley, Leeds and Solihull sites will go. Unite hit out at CSC for ensuring the safety of jobs outsourced to India, where the union says they have been guaranteed “regardless of expertise or level of skill”.

CSC has claimed that the cuts are in fact due to a shifting landscape in the IT services market. 

CSC recently managed to wrangle a large Ministry of Defence contract, after being given the nod by the government to take the job off of HP’s hands.

MoD contracts company to kill multi-vendor nightmare

Britain’s Ministry of Defence has given the green light to a company called PB Partnership to work on proof-of-concept software which promises to cut down on multi-vendor products on the battlefield.

PB Partnership touts itself as a company that specialises in developing software specifically for the battlefield and “other challenging environments”. Now, the MoD thinks that PB’s 2iC software can co-ordinate military tech from current suppliers.

PB claims that the 2iC software helps military gear work together “seamlessly” in difficult environments. The company says that there’s no software on the market right now which will let technology for war operate together – so that cameras, sensors and computer systems can operate side-by-side without a hitch and effectively as one piece of equipment.

PB says that is why 2iC is vitally important. Rather than struggling with kit that doesn’t talk to each other, 2iC, PB claims, unifies everything and frees up the time of soldiers.

Good news for critics of the spendthrift MoD, then, if PB is to be believed – because you can cut out the chaff involved in forcing systems into working together. 

The company believes its software will be able to understand the language of multiple vendors and that it doesn’t require a deep understanding of each to do so, whether it’s proprietary or open. 

PB’s project is backed by Selex Galileo’s Battlespace Solutions Business Group and Ultra Electronics, Command & Control Systems, which sound very scary.

According to a statement, the proof of concept demo should surface in March 2012. Terms of the contract were not disclosed. 

China's ZTE opens infrastructure testing in London

Chinese ZTE is one of the most fascinating companies doing the rounds right now, and it is moving in next to major internet hubs for the United Kingdom, the telehouses hosted in London’s Docklands. 

Its innovation centre has opened, which is a network and development project – the first of 10 it plans to open around the world. It will sit next to a QiComm data centre. The plan is for ZTE to test its infrastructure live for both wired and wireless networks. It will be housed in Greenwich View, just down the road from the heart of the UK’s financial sector. 

MD of ZTE UK, Jim Jing Hui, said in a statement: “ZTE is now a force to be reckoned with in the UK telecoms infrastructure market.” Indeed, it wants its paws in every other pie too, from consumer electronics all the way back up to infrastructure. And it’s succeeding. 

Although ZTE claims it will be helping the UK boost its infrastructure, there may be other concerns.

Rival Huawei was recently turned down for offering wireless networks on the London Underground in time for the Olympic Games. Security reasons weren’t made public, but industry watchers noted that a company entrenched with the Bank of China and the Chinese military operating a huge network essential to business and close to government should have raised eyebrows.

High level government security breaches often see the finger pointed squarely at China, while Lawmakers in the United States have voiced similar worries about ZTE’s ties at home. A source close to the Ministry of Defence in the UK told us last year that blocking malicious IP addresses from China would significantly lower the amount of attacks on UK IT systems, until they found another way around. 

Along with Huawei, ZTE is busy reassuring the world and its dog that it has nothing to worry about.

Both are already rolling out infrastructure worldwide, not just in the APAC region but across Europe and, they hope, the America too.

Soon enough relatively cheap technology from China will be powering the world. 


Liam Fox owns up to serious MoD cyber attacks

The Ministry of Defence (MoD) suffered around 1000 “potentially serious” cyber attacks last year.

That’s the latest confession from Defence Secretary Liam Fox who told delegates at the London Chamber of Commerce and Industry that cyber security threats had doubled over the past year and his department was the main target.

We would not be surprised if the figure was higher. Back in February an ex-MoD employee told TechEye that the department faced a barrage of 600,000 automated botnet attacks a day.

At the time he told us they mostly came from China, with a significant decrease when addresses from China were blacklisted. A trusted cyber-security analyst told us under confidentiality it was no secret the UK faced such attacks which targeted intelligence systems and businesses alike.

This week Mr Fox echoed the claims, telling delegates that the MoD’s systems were targeted by criminals and foreign intelligence services “seeking to exploit our people, corrupt our systems and steal information.”

He went on to warn that such attacks could damage the UK’s economic recovery, British industry and national security. Much like the Coalition itself.

The government announced last year that it would spend £650m to strengthen cyber resilience after identifying cyber threats as one of the most serious “Tier One” national security challenges.

In February, Foreign Secretary William Hague also revealed that some government computers had been infected by a virus last year, and that there had been an attempt to steal data from a UK defence contractor.

IT crowd to work alongside the army

The IT crowd has been ordered to work alongside the British army to put the fear of geek into the enemy.

As part of the Ministry of Defence’s (MoD) plans Counterstike-trained cyber geeks will join troops to help fight a cyber war.

The new recruitment come as the MoD moves to blast threats highlighted in last year’s National Security Strategy report, which targeted cyber crime as one of the four key areas for national security.

In fact, it’s so concerned about this threat that it’s said that the ‘cyber’ soldiers will be classified using similar ranks as conventional troops.  We would have thought that they would want to be done in levels so they can tell their mates that they are a level 21 cyber warrior armed with the plus five toolkit of doom.

It said this was because its forces abroad and in blighty depended on computer networks, which could fold if they weren’t protected from cyber threats.

Technical cyber operations could be conducted in parallel with more conventional actions the sea, land and air operations, although this might mean moving geeks outside, which is not their normal habitat.

The  MoD is  funding the IT Crowd with some of the £650m set aside for cybersecurity under the government’s strategic defence and security review last October.

And it looks like we’re in good cyber company with both the US and China slso previously announcing investment in cyberwarfare.

MoD spends £6 million on BlackBerrys

Details have been revealed of departmental government spend on mobile devices with costs in some spiralling into the millions.

Conservative MP for Finchley and Golders Green, Mike Freer, sent written questions to Whitehall demanding a breakdown of the amount of officials given mobile devices and the amount spent in total on handsets and “related data services”.

The highest costs landed with the Ministry of Defence, which provided comprehensive figures including more than just officials as requested, with the total for Ministers, civil servants and armed forces as part of the Defence Fixed Telecommunications Service hitting £6.6 million for an array of BlackBerrys and 3G data cards.

This included a total of 45,306 devices given to employees.

For officials, the Transport Department showed the largest usage – with 7,757 officials split across its seven executive agencies accounting for an impressive £1.5 million spent on devices.

It seems with a freeze on pay increases in the civil service the Transport Department has taken to handing out free mobile devices to all of its staff as a form of compensation.

Meanwhile 1,741 staff handed a mobile at the Department for Health drummed up costs of £738,301 “including contract and usage charges”.

Of this expenditure, Minister for Health Simon Burns recently highlighted a loss of equipment including the ubiquitous RIM BlackBerry and Lenovo laptops due to theft amounting to £13,166.

Other answers show that the Department for International Development handed 728 officials mobiles, with a total spend of £222,789, though Secretary of State Alan Duncan was unable to provide a full estimate of the overseas spending due to the cost of collating the data – which does not exaclty bode well.

The Department for Communities and Local Government also doled out 725 mobiles to its staff at a cost of £113,000, while the Northern Ireland Office spent £13,957 on mobiles and services to 52 staff, and the Scotland Office provided 27 members of staff with £12,757 worth of freebies.

MoD web blunder says Trident vulnerable to "disaffected sailors"

A blunder by the Ministry of Defence staff meant that secret information about nuclear submarines was accidentally made available for the world to see online.

The MoD made the document available, which gave information about nuclear reactors for future replacements for the British Trident nuclear fleet, after anti-nuclear campaigners filed a Freedom of Information request.

The accident occurred after parts of top secret details on a document posted online were wrongly blacked out by staff.

Although large sections of the document detailing the weaknesses in current submarines were blacked out, it was found that these were easily retrievable by cutting-and-pasting the document elsewhere.

This is because although several whole pages of the document had been blacked out by MoD staff highlighting them in black, by changing the background colour and copying the text the words became visible.

Thanks to the blunder, avid readers found that “Trident subs were vulnerable to accidents, which could be triggered by a disaffected sailor.” Details of the US nuclear sub fleet’s safety measures were also included in the document.

Of course it was a journalist who found out. 

This isn’t the first time the MoD has slipped up. In 2008 the department lost an entire server, while over two years 340 laptops have been lost. It’s also had secrets leaked on Facebook.