In a surprisingly honest admission yesterday, Major General Jonathan Shaw, the military’s head of cyber-security in the UK, conceded to the Guardian in his last interview before retiring that the United Kingdom’s Ministry of Defense systems have been breached multiple times by hackers.
Though he stated it was hard to quantify the number of successful attacks, he did emphasize that there was only a small number of serious incidents, but added, “Those are the ones we know about. The likelihood is there are problems in there we don’t know about.”
The candid admission that the top secret MoD systems were more vulnerable than previously thought seems to indicate a move towards recognizing the new security challenges in today’s increasingly technology driven age.
Shaw said, “It was a surprise to people quite how vulnerable we are.”
Now, hackers targeting government computer systems is nothing new. In the United States alone, the FBI and CIA systems are under attempted attacks every single day, with very few successful breaches, but it does happen. We should not therefore be taken aback that the MoD systems are similarly targeted. Any computer system that is at the brunt of that type of daily onslaught is bound to have a few successful attempts slip through.
Shaw additionally pointed out the difficulties of getting the military top brass to adapt to new technologies and truly understand the severity of cyber threats, and allocate resources accordingly, as they come from a different generation which tends to be set in their ways.
He pointed to an example of the MoD headquarters in Whitehall, which allows mobile devices such as cell phones and tablets into offices, allowing for a serious threat to anyone attempting to use them to gather information.
Instead Shaw observes that the MoD should be looking outside the box and turning to youth to find new ideas to help stay ahead of cyber rivals. He added, “That will pose a real challenge to us. This thing is moving too fast. The only people who spot what is happening are people at the coal face and that is the young kids. We have to listen to them and they have to talk to us.”
He mentioned they should look at the possibilities of implementing a program similar to Facebook’s “white hat” program that rewards hackers with monetary compensation for finding security vulnerabilities in the system and reporting them to the company so it can fix them, or some other creative solution.
Despite the admission that there has been a limited number of serious successful breaches to the MoD’s secret systems and Shaw’s commentary on the need for increased cyber security to stay ahead of the game, this does not mean that the MoD does not already engage in taking measures to protect its systems, just that he feels there is a room for continued improvement and new solutions to an ever growing, evolving problem. This makes sense of course, since the threat is always adapting, so too should the defense.
Further emphasizing the point that the MoD does take cyber security and threats seriously, and referring to the measures they take to protect themselves, an MoD spokesman issued the following statements:
The MoD takes all possible precautions to defend our system from attack from both unsolicited, for example ‘spam’ email, and targeted sources. It would be both misleading and naïve to assume that any system is 100% secure against all possible threats which is why we take additional steps to detect suspicious activity within our own systems.
We also ensure that our most sensitive networks are not connected to the internet and have additional physical and technical measures in place to defend them.
However, Shaw did further hint at the shift of priority towards cyber-defense when he mentioned that next year’s MoD budget would most likely include additional funding increases for it, when other areas are having their budgets tightened or slashed.
“[The MoD isn't] doing badly … but we could do a hell of a lot better. We will get there, but we will have to do it fast.”
This type of open dialogue from the military is not only refreshing, but it’s smart. I applaud the General for his candor and insights, and hope the MoD will take heed of his words when looking ahead and assessing the threat of hackers and other cyber attacks on sensitive systems.