According to a former senior officer, a probable nation-state attack on the UK’s main military training site last year compelled the academy to revamp its IT infrastructure. Prior to his retirement, Air Marshal Edward Stringer served as director-general of joint force development at the UK Defence Academy.
Every year, the academy trains almost 30,000 members of the UK armed services, as well as civil servants and military personnel from other countries. Stringer revealed to Sky News that a cyber-attack caught the academy off guard in March, which had “significant” operational effects.
Although no critical information is believed to have been taken, the outbreak caused teaching to be disrupted as programs were transferred online. Stringer said it did not appear to be a violent attack, but there were costs. There were expenses associated with… operating output. There were costs associated with what the academy’s staff could have done instead of repairing the damage.
“What could we be spending the money on that we’ve had to bring forward to rebuild the network? There are not bodies in the streets, but there’s still been some damage done.” The rebuilding project appears to be ongoing, as evidenced by a comment on the current Defence Academy website that reads: “new website coming soon … please bear with us while we continue to update our site … check back soon for updates.”
Serco, an outsourcing company, is supposedly in charge of the academy’s IT infrastructure, including website maintenance. Stringer did not attribute the attack to state-backed agents, despite the fact that China, Russia, and other unfriendly states would have been motivated to do so.
He reportedly said that it might be any of these things, or it may just be someone looking for a weakness for a ransomware attack from a legitimate criminal organization.