MoD contractors lax on IT security

Friday, February 27, 2009

Over 25 per cent of all MoD contractors fail to meet government IT encryption requirements, placing sensitive data and information at risk of being stolen or compromised.

Thousands of MoD contractors are continuing to operate without meeting the department's new IT security protocols. Armed forces minister Bob Ainsworth told Parliament that out of nearly 23,000 contracts awarded during the 2007-08 fiscal year, 8.3 per cent of them have openly admitted that they do not comply with new MoD IT security regulations. A further 18.3 per cent have yet to say whether or not they can or do comply with the new regulations.

In total, over 6,100 defence contracts, most likely employing tens of thousands of workers who handle some form of sensitive MoD operating and procurement data, do not meet departmental IT security standards.

Much of the information that is not encrypted could be beneficial to enemy operatives, criminals, and embarrassing to the MoD in the public's eye.

Following a number of high profile data losses last year the government and ministry reformed their data security and handling procedures to ensure that leaks and massive data losses did not compromise the work of government departments.

All defence contractors are required to meet the new Defence Security and Safety Assurance guidelines in order to do work with the MoD or to use MoD IT systems. They include the encryption of laptops and other mobile devices and adherence to certain data handling regulations such as what data can and cannot be taken out of MoD facilities.