UK government relying on ‘good will’ to block cyber attacks after MoD hack, experts warn

Anthony Cuthbertson
·2 min read
Defence Secretary Grant Shapps will update MPs on Tuesday, 7 May, about a cyber attack on a database containing details of armed forces personnel amid reports China was behind the hack (PA Media)
Defence Secretary Grant Shapps will update MPs on Tuesday, 7 May, about a cyber attack on a database containing details of armed forces personnel amid reports China was behind the hack (PA Media)

Security experts have warned that the UK government is relying on “good will” when it comes to cyber defence, following a massive hack on the Ministry of Defence reportedly carried out by China.

The names and bank details of tens of thousands of British armed forces personnel and veterans were compromised after a third-party payroll system was breached, in what some industry figures have labelled a “totally avoidable” attack.

Experts point to out-of-date security systems and inadequate funding for public sector cyber defence. Shortly after reports of the attack emerged, a job posting for a position as “Head of Cyber Security” within a government department was widely shared online, revealing an annual salary of £50,550 - £57,500 – well below salary levels of equivalent roles in the private sector.

“These roles fundamentally offer much lower salaries as there simply isn’t the money available and therefore the government tend to rely on people’s good will in the hope that the job satisfaction compensates the lower pay brackets,” Jake Moore, a global cyber security advisor for malware protection firm ESET, told The Independent.

“Protecting our digital landscape is just as critical as safeguarding the physical realm and this latest data breach highlights yet again the importance for increased investment in defence and security measures.”

Martin Riley, director of security services at cyber security firm Bridewell, echoed this call for greater investment.

“If this is clearly identified as a nation state attack, then cyber warfare continues to grow in its use internationally and the government needs to seek to build an investment plan that builds up the UK’s Cyber Defences alongside its recent commitment to physical defences,” he said.

“The defence of both central and local governments are underfunded for cyber defence and under prepared.”

China has denied that it was involved in the cyber attack, with a spokesperson for the Chinese embassy in the UK labelling reports as “false information” on Tuesday.

“The so-called cyberattacks by China against the UK are completely fabricated and malicious slanders,” the spokesperson said. “We strongly oppose such accusations. China has always firmly fought all forms of cyberattacks according to law.”

Downing Street is yet to attribute the cyber attack to a specific state actor.

A spokesperson for Prime Minister Rishi Sunak said on Tuesday morning: “The defence secretary is going to give an update to parliament on this this afternoon. You will appreciate I’m obviously limited in what I can say until then, other than the Ministry of Defence has already taken immediate action, isolating the network and supporting personnel affected.

“I can’t get into any further speculation around the origination of the attack.”