cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Cyber attack caused ‘significant’ damage to UK’s Defence Academy

A former senior officer says an unsolved hack of MoD training school systems did not succeed but still had costs.

user iconReporter
Tue, 04 Jan 2022
Cyber attack caused ‘significant’ damage to UK’s Defence Academy
expand image

A cyber attack on the UK’s Defence Academy caused "significant" damage, a retired high-ranking officer has revealed.

In a Sky News report, Air Marshal Edward Stringer, who left the armed forces in August stated that the attack, which was discovered in March 2021, meant the Defence Academy was forced to rebuild its network.

AIRMSHL Stringer said he did not know if criminals or a hostile state, such as China, Russia, Iran or North Korea, were responsible but the damage has yet to be fully rectified months on.


"It could be any of those or it could just be someone trying to find a vulnerability for a ransomware attack that was just, you know, a genuine criminal organisation," Air Marshal Stringer said.

"There were costs to … operational output."

"There were opportunity costs in what our staff could have been doing when they were having to repair this damage," AIRMSHL Stringer added.

Sky News reported that no sensitive information was stored on the academy’s network.

The school, based in Shrivenham, Oxfordshire, teaches 28,000 military personnel, diplomats and civil servants a year and moved more online during the pandemic.

"And what could we be spending the money on that we’ve had to bring forward to rebuild the network?" AIRMSHL Stringer said.

In the interview with Sky News, the first since he left the military, AIRMSHL Stringer said “unusual activity” was first discovered by contractors working for outsourcing company Serco and “alarm bells” started ringing.

“External agents on our network who looked like they were there for what looked pretty quickly like nefarious reasons,” AIRMSHL Stringer said.

"There are not bodies in the streets but there’s still been some damage done."

The attack was not successful. While the hackers may have been using the academy as a "backdoor" to other Ministry of Defence (MoD) systems, there were no breaches beyond the school.

According to AIRMSHL Stringer – who was also director general of joint force development and led the military thinking about how it would adapt to the future of warfare – the attack fell within a so-called grey zone of harm, which falls below the threshold of war.

The site, which is much like a domain for a university, had to be completely rebuilt, a task which is still ongoing.

The National Cyber Security Centre, a branch of GCHQ, was also made aware of the hack, Sky News reported.

In March 2021 the UK MoD was made aware of an incident impacting the Defence Academy IT infrastructure, according to a MoD spokesperson.

"We took swift action and there was no impact on the wider Ministry of Defence IT network."

Teaching at the Defence Academy has continued,” the MoD spokesperson concluded.

[Related: CISO spending insight: Cyber security spending trends 2022]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.