Editorial

Ministry of Defence IT systems “at critical risk”

MoD has most vulnerable IT in Whitehall with 11 ‘red rated’ systems, translating to the lowest possible security score.

Posted 10 January 2024 by Christine Horton


Data shows the UK Ministry of Defence (MoD)’s IT systems are the most vulnerable of any Whitehall department.

The MoD has 11 ‘red rated’ systems, translating to the lowest possible security score. A red rating means that the system is “at a critical level of risk, where the likelihood of encountering issues or failures is significant, and the potential impact of these issues could be severe.”

Systems generally fall into the red-rating category because of the presence of out-dated or legacy components.

The next most vulnerable technology belongs to The Department for Work and Pensions (DWP), which had six red-rated systems. Thirty-four systems across government departments are red-rated.

The figures were released to Parliament following a question by Matt Rodda, Labour MP for Reading East and shadow minister for AI and intellectual property, who asked about the number of red-rated systems across Whitehall departments and reported by The Telegraph.

“The scale of this problem is utterly unacceptable,” said Rodda. “The Ministry of Defence, the department chiefly responsible for the security of Britain, should simply not have this many critical failures in its systems. We can’t even get the basics right.”

Conservative former defence minister Tobias Ellwood and former armed forces minister Mark Francios, also called for an urgent review of the MoD’s systems.

In response, Tory defence procurement minister James Cartlidge maintained that the MoD takes the issue of IT network resilience “extremely seriously, and we are driving forward with a number of initiatives to improve it”.

DWP confirmed it had six red-rated systems, the Ministry of Justice (MOJ) five, and the Home Office and Cabinet Office both reported four each.

The Foreign Office, Department for Environment, Food and Rural Affairs (Defra), Business and Trade, and Education, all had one system exposed to the highest level of risk.

A spokesperson for the UK Government said: “We take the issue of the resilience and security of our IT networks extremely seriously and we have always ensured government IT systems are keeping pace with technological change.

“The Central Digital and Data Office is playing a leading role in delivering long-term digital transformation across government and this transformation programme is expected to deliver over £1 billion in efficiency savings by 2025.”

In December, a report by the Joint Committee on the National Security Strategy found that the Government could face a catastrophic ransomware attack at any moment. It also said the Committee feared the Government’s planning for such an event “will be found lacking.”

Event Logo

If you are interested in this article, why not register to attend our Think Digital Identity and Cybersecurity for Government conference, where digital leaders tackle the most pressing issues facing government today.


Register Now