Asked by: Nia Griffith (Labour - Llanelli)
Question to the Ministry of Defence:
To ask the Secretary of State for Defence, with reference to the policy paper entitled Transforming for a digital future: 2022 to 2025 roadmap for digital and data, updated on 29 February 2024, what steps his Department has taken to mitigate the risks of red-rated legacy IT systems.
Answered by James Cartlidge - Minister of State (Ministry of Defence)
The Central Digital and Data Office (CDDO), in the Cabinet Office, has established a programme to support Departments managing legacy IT. CDDO has agreed a framework to identify ‘red-rated’ systems, indicating high levels of risk surrounding certain assets within the IT estate. Departments have committed to have remediation plans in place for these systems by next year (2025).
It is not appropriate to release sensitive information held about specific red-rated systems or more detailed plans for remediation within the Ministry of Defence’s IT estate, as this information could indicate which systems are at risk, and may highlight potential security vulnerabilities.
Asked by: Nia Griffith (Labour - Llanelli)
Question to the Foreign, Commonwealth & Development Office:
To ask the Deputy Foreign Secretary, with reference to the policy paper entitled Transforming for a digital future: 2022 to 2025 roadmap for digital and data, updated on 29 February 2024, what steps his Department has taken to mitigate the risks of red-rated legacy IT systems.
Answered by David Rutley - Parliamentary Under-Secretary (Foreign, Commonwealth and Development Office)
The Central Digital and Data Office (CDDO), in the Cabinet Office, has established a programme to support departments managing legacy IT. CDDO has agreed a framework to identify 'red-rated' systems, indicating high levels of risk surrounding certain assets within the IT estate. Departments have committed to have remediation plans in place for these systems by next year (2025). It is not appropriate to release sensitive information held about specific red-rated systems or more detailed plans for remediation within the FCDO's IT estate, as this information could indicate which systems may be at risk, and may highlight potential security vulnerabilities. FCDO are actively managing their legacy estate via their existing change plans through system upgrades and migration to public cloud.