UK’s Defence Academy hit by damaging cyber attack, ex-military chief reveals

The attack, possibly carried out by a hostile state or a criminal network, caused ‘significant’ damage, a retired high-level officer said.

William Janes
Sunday 02 January 2022 22:52
A cyber attack took place on the Defence Academy (PA)
A cyber attack took place on the Defence Academy (PA)

A cyber attack on the UK’s Defence Academy – possibly by Russia or China – caused “significant” damage, a retired high-ranking officer has revealed.

Air Marshal Edward Stringer, who left the armed forces in August, told Sky News the attack which was discovered in March 2021 meant the Defence Academy was forced to rebuild its network.

He said he did not know if criminals or a hostile state, like China, Russia, Iran or North Korea, were responsible but the damage has yet to be fully rectified months on, Sky reported.

Mr Stringer told the outlet: “It could be any of those or it could just be someone trying to find a vulnerability for a ransomware attack that was just, you know, a genuine criminal organisation.”

In March 2021 we were made aware of an incident impacting the Defence Academy IT infrastructure

MoD spokesperson

He added: “There were costs to… operational output. There were opportunity costs in what our staff could have been doing when they were having to repair this damage.

“And what could we be spending the money on that we’ve had to bring forward to rebuild the network? There are not bodies in the streets but there’s still been some damage done.”

Sky News reported that no sensitive information was stored on the academy’s network.

The school, based in Shrivenham, Oxfordshire, teaches 28,000 military personnel, diplomats and civil servants a year and moved more online during the pandemic.

In an exclusive interview with Sky, the first since he left the military, Mr Stringer said “unusual activity” was first discovered by contractors working for outsourcing company Serco and “alarm bells” started ringing.

Edward Stringer, right, said the cyber attack had been damaging (Corporal Mark Larner RLC/MoD/PA)

He told the outlet there were “external agents on our network who looked like they were there for what looked pretty quickly like nefarious reasons”.

But he disclosed to Sky the attack was not successful and while the hackers may have been using the academy as a “backdoor” to other Ministry of Defence (MoD) systems, there were no breaches beyond the school.

Mr Stringer – who was also director general of joint force development and led the military thinking about how it would adapt to the future of warfare – said the attack fell within a so-called grey zone of harm, which falls below the threshold of war, according to Sky News.

The site, which is much like a domain for a university, had to be completely rebuilt, a task which is still ongoing, Sky said.

The National Cyber Security Centre, a branch of GCHQ, was also made aware of the hack, Sky News reported.

The outlet reported that an MoD spokesperson said: “In March 2021 we were made aware of an incident impacting the Defence Academy IT infrastructure. We took swift action and there was no impact on the wider Ministry of Defence IT network. Teaching at the Defence Academy has continued.”

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in