A cyber attack on the UK’s Defence Academy – possibly by Russia or China – caused “significant” damage, a retired high-ranking officer has revealed.
Air Marshal Edward Stringer, who left the armed forces in August, said the attack which was discovered in March 2021 meant the Defence Academy was forced to rebuild its network.
He said he did not know if criminals or a hostile state, like China, Russia, Iran or North Korea, were responsible but the damage has yet to be fully rectified months on, it has been reported.
“It could be any of those or it could just be someone trying to find a vulnerability for a ransomware attack that was just, you know, a genuine criminal organisation,” Mr Stringer said.
“There were costs to… operational output. There were opportunity costs in what our staff could have been doing when they were having to repair this damage," he added.
“And what could we be spending the money on that we’ve had to bring forward to rebuild the network? There are not bodies in the streets but there’s still been some damage done.”
It has been reported that no sensitive information was stored on the academy’s network.
The school, based in Shrivenham, Oxfordshire, teaches 28,000 military personnel, diplomats and civil servants a year and moved more online during the pandemic.
In his first since he left the military, Mr Stringer said “unusual activity” was first discovered by contractors working for outsourcing company Serco and “alarm bells” started ringing.
He said there were “external agents on our network who looked like they were there for what looked pretty quickly like nefarious reasons”.
But he disclosed the attack was not successful and while the hackers may have been using the academy as a “backdoor” to other Ministry of Defence (MoD) systems, there were no breaches beyond the school.
Mr Stringer – who was also director general of joint force development and led the military thinking about how it would adapt to the future of warfare – said the attack fell within a so-called grey zone of harm, which falls below the threshold of war.
The site, which is much like a domain for a university, had to be completely rebuilt, a task which is still ongoing, he aid.
The National Cyber Security Centre, a branch of GCHQ, was also made aware of the hack, it has been reported.
“In March 2021 we were made aware of an incident impacting the Defence Academy IT infrastructure. We took swift action and there was no impact on the wider Ministry of Defence IT network. Teaching at the Defence Academy has continued,” an MoD spokesman said.