Cyber attack on UK Defence Academy causes “significant” damage

The Defence Academy of the UK was forced to rebuild its network last year after suffering a cyber attack, a high-ranking officer has revealed.

Air Marshal Edward Stringer, who retired from the armed forces in August, said the attack caused significant damage and continues to affect the Defence Academy months later.

The school, which is based in Shrivenham, Oxfordshire, teaches 28,000 military personnel, diplomats and civil servants a year.

During the pandemic, its classes were moved online, exacerbating the disruption caused by the attack.

The academy’s website had to be completely rebuilt, a task which is still ongoing.

It’s not clear who was responsible for the attack. Stringer didn’t rule out the prospect of a state-sponsored attack by the usual suspects – China, Russia, Iran or North Korea – but added that it could have been an individual.

“It could be any of those or it could just be someone trying to find a vulnerability for a ransomware attack that was just, you know, a genuine criminal organisation,” he said.

However, his biggest concern was whether the attackers had tried to use the Defence Academy as a backdoor to penetrate more sensitive parts of the Ministry of Defence’s IT systems.

Following an investigation, Stringer expressed confidence there hadn’t been any other breaches and that no sensitive information was stored on the academy’s network.

What went wrong?

Contractors working for Serco, which runs the academy’s IT infrastructure, discovered “unusual activity” in March 2021.

They soon learned that there were external agents on the network and notified the academy that it might have been targeted by cyber attackers.

However, Stringer said that not everyone in the MOD was alert to the threat. “Moving from the analogue and the industrial age to the information age, there are three tipping points,” Stringer said.

“There is a tipping point in the thinking, tipping point in the talking and then the tipping point in the doing, including everybody’s instinctive reactions. I think generally we’re somewhere between those latter two.”

Following the incident, an MOD spokesperson said: “In March 2021 we were made aware of an incident impacting the Defence Academy IT infrastructure. We took swift action and there was no impact on the wider Ministry of Defence IT network. Teaching at the Defence Academy has continued.”

Although the Defence Academy of the UK escaped a major incident on this occasion, Air Marshall Stringer emphasised the operational costs:

“It doesn’t look like a violent attack, but there were costs […] to operational output. There were opportunity costs in what our staff could have been doing when they were having to repair this damage. And what could we be spending the money on that we’ve had to bring forward to rebuild the network? There are not bodies in the streets, but there’s still been some damage done.”

The MOD has launched an investigation into the attack, but the results, including who was responsible, have not been made public.

The Weekly Round-up: subscribe now