The Ministry of Defence recently faced scrutiny over the issue of missing and stolen security passes.

Liberal Democrat Spokesperson Sarah Olney, responsible for Business, Energy and Industrial Strategy, and Treasury, asked a pointed question about the security protocol within the Ministry of Defence.

Olney’s question was direct: “To ask the Secretary of State for Defence, how many security passes for his Department have been reported as (a) missing and (b) stolen in the last 12 months.”

In response, Andrew Murrison, the Parliamentary Under-Secretary of State for Defence, provided a detailed statement. He began by asserting the government’s stance on information security: “The Government takes the protection of information extremely seriously and is exploring a number of measures to reduce future losses.”

Murrison elaborated on the procedures and measures in place, stating, “Departments are required to have robust controls in place to manage risk to their assets including data and mobile devices.” He also informed about the process following a security pass incident: “Security pass losses are reported to the Joint Security Coordination Centre and recorded on the central repository for Defence security incidents. All security incidents are fully investigated so that the impact can be assessed and mitigated, root cause determined and lessons identified. Any security pass reported as lost is immediately deactivated.”

He concluded with specific figures regarding the incidents: “Approximately 250,000 personnel are employed across the breadth of Defence and in the last 12 months the Department has lost 3,531 passes and had 285 stolen.”

It should be noted that large organisations, especially those with extensive personnel and multiple facilities, often face challenges in managing security credentials, and some level of loss or theft of security passes is typically anticipated. However, without specific benchmark data, it’s challenging to make a definitive comparison. It’s also worth noting that the sensitivity and security requirements of the Ministry of Defence may lead to more stringent reporting and tracking of lost or stolen passes, potentially contributing to a more comprehensive accounting of these incidents compared to other entities.

George Allison
George has a degree in Cyber Security from Glasgow Caledonian University and has a keen interest in naval and cyber security matters and has appeared on national radio and television to discuss current events. George is on Twitter at @geoallison

7 COMMENTS

  1. In other news. Phoenix Rising. 809 NAS reformed on Friday at RAF Marham as the 2nd frontline F35B sqn. 🇬🇧

  2. The question should be, of the 3500 passes lost, how many were then found after being reported lost. I know someone working in Main Building who reported their pass as lost in July. It had fallen out of their pocket and dropped down the side in someone’s car, who was giving them a lift home. In line with the correct security protocols, te loss was immediately reported, and then they attempted to figure out the last time they physically had the pass. They released that is was possibly in someone’s car, and after contacting the car owner, the pass was found between the seat and centre console. Pass recovered, but as already reported missing, it was cancelled and is probably one on the list.

    • Anyone can spot someone who isn’t wearing a pass and challenge them. Recognising invalid retinas might involve doing more than meeting people’s gaze as they stroll through the corridors of power.

LEAVE A REPLY

Please enter your comment!
Please enter your name here