Skip to main content

Departmental Information and Communications Technology

Volume 503: debated on Wednesday 13 January 2010

To ask the Secretary of State for Defence if he will commission research into possible links between the use of memory sticks on the information technology platforms used by his Department and cyber-attacks on the computer systems its operates. (302670)

The MOD takes any attacks on its information networks and associated media storage devices very seriously and has robust procedures in place to mitigate against and investigate such occurrences. Furthermore new processes, instructions and technological aids are continually being implemented to mitigate human errors and raise the awareness of every individual in the Department with regards to cyber security.

If malicious software is detected on either a network or a memory stick its origin is researched to gain insight for its subsequent containment, and mitigation practices are introduced. However no specific instances of deliberate attack, successful or otherwise, would ever be publicly divulged so as to protect the integrity of the networks from widespread scrutiny and invoke further malicious attempts. All related security issues are investigated thoroughly by a number of related MOD cyber organisations and the MOD has established significant relationships with other agencies to assist in security issues, mitigation and risk management. These include working with Centre for the Protection of the National Infrastructure (CPNI), the CESG (as the National Technical Authority), Other Government Departments and foreign allies. The MOD has also established ongoing strong relationships with the Office of Cyber Security (OCS) and Cyber Security Operations Centre (CSOC) to help maintain awareness of threats and vulnerabilities. These engagements together ensure our cyber defences are as robust as possible.

On the technical front there are ongoing developments across Government on cyber to increase the protection of the infrastructure from attack. These include revised policies on the use of portable media and enhancements to the MOD's Defence Information Infrastructure (DII) Computer Network Defence (CND) architecture and also the introduction of measures that ensure only MOD-procured memory sticks can link with the DII network.

Every MOD employee now has to undergo mandatory annual Protecting Information training which aims to increase awareness and understanding of information security issues.