New data revealed in Parliament shows that 34 UK government departments have IT security that is “red-rated” - the worst score possible on the scoring system used to determine the security of IT systems and devices.
11 of these red-rated scores were attributed to Ministry of Defense (MoD) systems which means these systems are highly exposed to cyber attacks and breaches, as well as being inefficient and unsuitable for use.
In other government departments, the Department for Work and Pensions had six red-rated systems, the Ministry of Justice had five, and the Home Office and Cabinet office had four apiece.
“We don't even get the basics right”
This data was revealed in Parliament in response to questions raised by MP Matt Rodda, the Labour Party’s artificial intelligence minister who responded stating, “The scale of this problem is completely unacceptable. The Ministry of Defence, the department primarily responsible for Britain's security, should not have such serious failings in its systems. We don't even get the basics right.”
He continued by saying that it is in the public interest to know if such failures amount to a national security risk, “as its own criteria would suggest.”
The Joint Committee on National Security Strategy released a report last month that found the Home Office had consistently given low priority to ransomware threats, with a further report showing that the current regulatory framework concerning cybercrime, known as the Computer Misuse Act, was introduced before the internet and remains outdated due to a lack of reform.
The report further criticizes the Home Office’s response to ransomware as a national security risk, stating that former Home Secretary Suella Braverman prioritized issues such as illegal migration and small boats, and “showed no interest” in the threat posed by ransomware.
Speaking to TechRadar Pro, ESET’s Global Cybersecurity Advisor Jake Moore, said, “This is extremely worrying especially when government systems are constantly targeted by numerous threat actors. Fixing legacy problems has always been a thorn in the side of the government but when national security is at risk, these issues need to be addressed immediately.
“Costs are often seen as the reason behind a slower uptake on such fixes but now it is seen as a serious risk, it should hopefully be recognised as essential investments in national security and a critical step towards safeguarding the country’s digital infrastructure.”
The Defense Ministry has said that £4 billion is being invested into its Defense Digital Reform Programme, with a government spokesperson further stating, “We take the issues of resilience and security of our IT networks extremely seriously and we have always ensured that government IT systems keep pace with technological change.”
Via TheTelegraph