MoD: Our networks are in 'unacceptable' state and both data and IT bods are stuck in silos The Ministry of Defence’s IT systems are “too fragmented, fragile, insecure and obsolescent” and its operators are “mired in industrial age processes and culture,” according to a new digital strategy document. Published earlier this week, the Digital Strategy for Defence paper is full of the usual MoD management-speak while …
I'd of thought that MOD stuff not being on the internet i.e. along with data being locked inside “internal and contractual silos” making it “hard to access and integrate”. would be a good thing from a security perspective. We don't want some teen hacker accessing the polaris subs and playing wargames. Good hacking film.
Yes, and the more fragmented, the better. Last thing we should wish for is that they have it all on some seamless, leveraged, hyper-scalable easily accessible cloudy platform that every s'kiddie in China/Russia/Iran can understand, esp. some cloudy platform run by a foreign company. Perish the thought.
MOD is big enough that "external" often means another agency within the MOD and not the real outside world. It's sometimes hard to share information between different agencies of the MOD because those agencies might have their own IT systems, that don't talk with each other.
Precisely! Whose cloud and where are the servers?
The bits of the report mentioned in the article make it sound as though the MoD is recruiting direct from a dedicated MBA university or maybe Shoreditch.
Perhaps if they are looking for money they could start a crowd funder or try visiting a couple of VCs with a new tank.
> Precisely! Whose cloud and where are the servers?
The MoDs.
The Army has (or maybe had?) it's own D/Cs in a couple of locations even >10 years ago, and all "cloud" projects were being migrated to servers there - not cloud in the way we tend to think of it, so much as genericised hosting, with workloads in VMs rather than tied to hardware.
Consultants might suggest spinning stuff up in AWS, but the services won't generally be happy with that. What you do see, though, is some level of infighting about whether it should be the Army, Navy or RAF who get the prestige of hosting anything that's used cross-service (logistics systems, obviously are one of those)
A Couple of years and a previous company ago (three letter company that is big and fairly new), I worked on the MoD project - they have two networks - one for the insecure stuff is hosted by MS, the secure stuff lives on their own servers in "secure" datacenters fairly close to each other in the south of England.
the project was running years late and massively over budget - mainly because they had never had the right people in at the start (no designers when they would have been useful)
I doubt it is much closer to completion even now.
Sounds like this was written by people who don't understand the word "secure". MoD IT may be a pile of shite but that's because of the environment they have to operate in. I could tell you countless MoD fucks ups like REDACTED or when REDACTED or that time REDACTED. etc.
Buzzword bingo bozos meet immovable object time and after 2 years of work and countless millions get wasted on project soopadoopa, it'll get quietly dropped.
Fair due, how would they understand since all the IT contractors left several years ago? MoD now has a few contractors inside IR35 getting ripped off by seedy offshore umbrella companies and producing rubbish products*
* https://www.contracts.mod.uk is a good example. Why not have a website that lists every API call you use within its response headers?
This post has been deleted by its author
Oh no, this means awarding Fujitsu more of the MoDs work.
On the bright side though, this also means that if you've ever wanted to be a *DBA but have no idea what a **Database is, you're in luck and congratulations on your new role with Fujitsu!
* Insert Job description of your choice (e.g. Messaging engineer)
** Insert technology of your choice (e.g. Microsoft Exchange
Of course your lack of experience is the reason why they'll be paying you way below market rate, but it worked for them on their Horizon Post Office project, their (very profitable for them thanks to suing the NHS for £700m because the NHS done to them what the Post Office should have, that is kick them off the contract for failing) NHS National Programme for IT project, their Libra project for magistrates court etc. etc.
Serco and Crapita do get a lot of stick (and they deserve it), but neither are anywhere near as bad as Fujitsu for failing at delivering Government run projects.
"Secure" "cloud"
Pick one.
I'll set you up for less than whomever gets the nod.
Can't do it this weekend, though - have a bbq to go to.
Prepared to drag the project out as long as you want though.
How my snags will probably end up ----------------------------------------------------------^^
Link: https://www.reuters.com/article/us-cyber-ukraine-idUSKBN14B0CU
*
1. MOBILES
Soldier in Ukraine steps out of bunker and fires up his mobile phone to talk to his wife. Five minutes later, the bunker is under a fierce artillery barrage sent over by the Russian army.......
*
So......it's not just the "infrastructure", the "databases", the "cloud" (private or public).........................there's quite a lot to be managed in terms of personal technology (or not!!!).
*
2. GPS
Link: https://lloydslist.maritimeintelligence.informa.com/LL1128820/Seized-UK-tanker-likely-spoofed-by-Iran
Link: https://www.gpsworld.com/gps-circle-spoofing-discovered-in-iran/
For example, news above is from the Gulf of Hormuz -- where GPS might show ships that they are located miles inland!!!
3. SUMMARY
This article in El Reg is pretty poor in scope.......Even if the MOD get the billions to build a modern UK-based infrastructure..........there's still plenty of scope for bad actors to get in the way of "global reach"!!!!!!
*
Just saying!!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
