asked Her Majesty's Government:
In respect of the Ministry of Defence, (a) on how many occasions in the last year malicious programs have compromised departmental computer systems; and, for each occasion, how many machines were affected; how long it took to remove the programs from the system; and what was the impact on the department's activities; (b) what penetration tests of information systems have been carried out over the last year and what were the results, indicating in each instance whether the tests were carried out independently of the providers of the system concerned; and (c) on how many occasions in the last year the departmental management team has considered information risk. [HL2473]
The Ministry of Defence has deployed a comprehensive suite of safeguards to protect its departmental computer systems. However, in the past year (to February 2007) there have been 35 incidents reported in which malicious programs have compromised these safeguards. The department categorises—there are five levels, from very low to very high—all incident impacts. The following table provides the requested details.
| No. of Incidents | Machines Involved | Impact Level | Recovery Time | Remarks |
|---|---|---|---|---|
| 1 | 1 | Very Low | Pending | Incident open |
| 2 | 1 | Very Low | Pending | Incident open |
| 3 | 1 | Low | Nil | Anti-Virus (AV) recovered |
| 4 | 1 | Low | Nil | AV recovered |
| 5 | 1 | Low | Nil | AV recovered |
| 6 | 1 | Low | Nil | AV recovered |
| 7 | 1 | Low | Nil | AV recovered |
| 8 | 1 | Low | Nil | AV recovered |
| 9 | 1 | Low | Nil | AV recovered |
| 10 | 1 | Low | Nil | AV recovered |
| 11 | 1 | Low | Nil | AV recovered |
| 12 | 1 | Low | Nil | AV recovered |
| 13 | 1 | Low | Nil | AV recovered |
| 14 | 1 | Low | Nil | AV recovered |
| 15 | 1 | Low | Nil | AV recovered |
| 16 | 1 | Low | Nil | AV recovered |
| 17 | 1 | Low | Nil | AV recovered |
| 18 | 1 | Low | Nil | AV recovered |
| 19 | 1 | Low | Nil | AV recovered |
| 20 | 1 | Low | Nil | AV recovered |
| 21 | 1 | Low | Nil | AV recovered |
| 22 | 1 | Low | Nil | AV recovered |
| 23 | 1 | Low | Nil | AV recovered |
| 24 | 1 | Low | Nil | AV recovered |
| 25 | 1 | Low | Nil | AV recovered |
| 26 | 1 | Low | Nil | AV recovered |
| 27 | 1 | Low | Nil | AV recovered |
| 28 | 1 | Low | Nil | AV recovered |
| 29 | 1 | Low | Nil | AV recovered |
| 30 | 1 | Low | Nil | AV recovered |
| 31 | 1 | Low | Pending | Virus quarantined |
| 32 | 1 | Low | 1 Day | 1 x box rebuilt |
| 33 | 1 | Med | Pending | Incident open |
| 34 | 1 | Med | Pending | Incident open |
| 35 | 10 | Med | 2 Days | 1 x Box rebuilt; 9 x AV Updated |
A total of 104 independent penetration tests were completed in the past year, in addition to those commissioned internally by system-operating authorities for which centralised records are not maintained. Invariably such testing identifies a range of issues that require subsequent rectification and/or risk acceptance. Specific details are classified; however, as a measure of the results, all systems tested last year retained their security-accredited status.