Official figures suggest that at least 950 computers have been stolen or lost by the Ministry of Defence in the last three years.
This isn’t all that uncommon, many will remember that the MoD was strongly criticised in a report by Sir Edmund Burton, published in June 2008, for security lapses that led to the theft of a Royal Navy laptop containing records of 600,000 recruits and potential recruits to the armed forces. There have been many similar incidents since then.
Douglas Chapman, Shadow SNP Spokesperson for Defence Procurement, recently asked in a written question:
“To ask the Secretary of State for Defence, how many (a) desktop, (b) laptop and (c) tablet computers were lost by his Department in the years (i) 2015-16, (ii) 2016-17 and (iii) 2017-18.”
Tobias Ellwood, the Parliamentary Under-Secretary of State for Defence, responded:
The Ministry of Defence treats all breaches of security very seriously and requires all breaches to be reported regardless of whether there is firm evidence of loss or just an inability to account for some devices. All incidents are subjected to an initial security risk assessment with further action taken on a proportionate basis.
For financial year 2017-18, the following figures were reported as unaccounted for: – 30 desktop computers, 81 laptop computers and one tablet.
For financial year 2016-17, the following figures were reported as unaccounted for: – 19 desktop computers, 51 laptop computers and five tablets.
For financial year 2015-16, the following figures were reported as unaccounted for: – 694 desktop computers, 64 laptop computers and five tablets.”
“It is MOD policy that all laptops, tablet computers and removable media are encrypted to minimise the impact if a loss were to occur.”
There seems to be a cavalier approach to the storage and protection of data. Who knows what damage could be done to the UK if sensistive material gets into the wrong hands? At a time when information security is paramount, it’s vital that far more is done to encrypt sensitive data and staff are held to account, in my opinion.
Information security, clearly, isn’t a major concern for many in Parliament either. Last year, we reported that MPs are widely and routinely breaching data protection and cyber security policies.