A cyber attack – possibly by Russia or China – caused “significant” damage to the UK’s Defence Academy, the academic arm of the UK’s Ministry of Defence, according to a retired high-ranking officer.
The school, based in Shrivenham, Oxfordshire, teaches 28,000 military personnel, diplomats and civil servants a year and moved more courses online during the pandemic.
Air Marshal Edward Stringer, who left the armed forces in August, told Sky News that the attack, discovered in March 2021, meant the Defence Academy was forced to rebuild its network.
He said he did not know if criminals or a hostile state, like China, Russia, Iran or North Korea, were responsible, but Sky News has reported that the damage has yet to be fully rectified months after it took place.
Mr Stringer told Sky News that “It could be any of those, or it could just be someone trying to find a vulnerability for a ransomware attack that was just, you know, a genuine criminal organisation.”
He added: “There were costs to… operational output. There were opportunity costs in what our staff could have been doing when they were having to repair this damage.
“And what could we be spending the money on that we’ve had to bring forward to rebuild the network? There are not bodies in the streets, but there’s still been some damage done.” Sky News reported that no sensitive information was stored on the academy’s network.
In an exclusive interview with Sky News, the first since he left the military, Mr Stringer said “unusual activity” was first discovered by contractors working for outsourcing company Serco and “alarm bells” started ringing.
He told the Sky News there were “external agents on our network who looked like they were there for what looked pretty quickly like nefarious reasons”.
But he added that the attack was not successful, and while the hackers may have been using the academy as a “backdoor” to other Ministry of Defence (MoD) systems, there were no breaches beyond the school.
Mr Stringer – who was also Director General of Joint Force Development and led the military thinking about how it would adapt to the future of warfare – said the attack fell within a so-called grey zone of harm, which falls below the threshold of war.
The site, which is much like a domain for a university, had to be completely rebuilt - a task that is still ongoing, and The National Cyber Security Centre, a branch of GCHQ, was made aware of the hack, according to Sky News.
Sky News also reported that an MoD spokesperson said: “In March 2021, we were made aware of an incident impacting the Defence Academy IT infrastructure. We took swift action, and there was no impact on the wider Ministry of Defence IT network. Teaching at the Defence Academy has continued.”