Ministry of Defence: Cybersecurity

(asked on 16th May 2022) - View Source

Question to the Ministry of Defence:

To ask the Secretary of State for Defence, how many supply chain cyber attacks have been successfully carried out against internal (a) Ministry of Defence systems and (b) systems outsourced by his Department since January 2021.


Answered by
James Heappey Portrait
James Heappey
This question was answered on 19th May 2022

The Ministry of Defence (MOD) takes the cyber security of its supply chains very seriously. However, for security reasons we do not comment on specific details of cyber attacks, as to do so could provide useful information for our adversaries.

The Defence Cyber Protection Partnership is a joint MOD and industry initiative put in place to improve the protection of Defence’s supply chain against cyber threats. Defence contracts undergo a risk assessment to determine a cyber risk profile and what the supplier must do to demonstrate compliance with these requirements. This risk assessment and requirement to comply flows down the supplier’s supply chain until the point where no MOD information is affected.

There are also contractual requirements put on suppliers to maintain cyber security controls and to report all security incidents involving MOD assets or information to the Defence Industry Warning and Reporting Point, which then coordinates investigations as appropriate.

Reticulating Splines