MoD IT systems fail on data security

The Ministry of Defence has admitted that almost three quarters of its computer systems do not meet the government's own standards for data security.



The embarrassing admission was forced by a series of parliamentary questions, probing whether departments had heightened security since HMRC's lost discs fiasco.



Despite all official departments being ordered to meet new minimum standards for data handling, the MoD said just 27 per cent of its IT systems were in compliance.



The systems that fall below the standards contain military secrets; "material of value" and "particularly sensitive or personal data," said Defence minister Bob Ainsworth.



Responding to Tory MP Shailesh Vara, the minister said nearly 60 per cent of the IT systems had been tested for the standard, but less than a third won full accreditation.



A further third have "conditional accreditation" – where the ailing system's operation is constrained to ensure that the security risks it poses are "adequately managed."



The MoD said the "balance of systems" was still in the process of meeting the standard due to the "significant workload" of aligning solutions with platforms.



The work being undertaken to assess and protect the rest includes applications from legacy systems, which will be migrated onto the Defence Information Infrastructure.



Also responding to the Tory frontbencher, the Department of Transport said a quarter of the IT systems at its seven executive agencies met the new data security standards.



Seventy-one per cent of its systems, including those at its shared service centre, were fully accredited, while the remainder are under review or will be scrapped.



Transport Secretary Geoff Hoon said ensuring the department's IT systems met the standards was a continuous process, involving both new and existing systems.



He said the current systems would need to be re-accredited periodically, or in response to changes in services, technology or data security threats.