MoD Bus Stop Breach – Time for the MoD to go paperless?

A Kent bus stop and a stack of papers should be a defining moment in the UK Defence’s Digital agenda. On any other weekend this might have made the front page of the Sunday papers.

On Saturday 26^th June 2021, the BBC reported a story about a cache of reading material left at a bus stop in Kent. The papers in question? Classified MoD documents – OFFICIAL Sensitive and SECRET UK Eyes Only to be precise. The owner of these documents? An as-yet-unknown/unnamed senior civil servant. Apparently leaving classified documents on a train is out of fashion, but nonetheless this is an embarrassing situation for the MoD. To add insult to injury, there was then another story reported on Monday 28^th of June that the top MoD officials were now isolating following a large face-to-face meeting at Defence Academy the previous week.

The first story begs the question – how long will the MoD continue using paper-based documents? It is well known that the MoD has a broad digital agenda, and the Digital Strategy for Defence whitepaper released in May 2021 outlines its aims and objectives around embracing this strategy to “enable seamless access to our data by delivering a secure, singular, modern Digital Backbone”. The whitepaper references “collaboration” many times – between departments, government organisations, and with industry - but what the strategy document does not describe is any intent to move away from paper as a medium of documentation and communication.

I know that going paperless is much easier said than done – the UK Health and Social Care organisations are doing a brilliant job of this with NHS Digital working in collaboration with CCGs and with industry to digitise NHS records and move to online patient record and imaging services. Though this has not been without its challenges, and there are still many hurdles that need to be overcome to have a truly paperless NHS. Yet the work that has been done so far has vastly improved the way in which UK citizens can access healthcare records and get medical assistance.

So, what is stopping UK Defence from following in the footsteps of Health?

 

 

There are countless technologies in existence that could accelerate the journey to paperless – collaboration tools being a great example.

Collaboration tools are truly coming of age. Whether that be the office-type toolsets to enable document creation and sharing or more exotic toolsets to enable agile working such as knowledgebases, task-boards or code repositories.

These are already being adopted somewhat within the Defence space, particularly at OFFICIAL where the internet is a common mode of transport for data sharing, however OFFICIAL Sensitive-and-upwards, where internet is not used, is where the challenge with collaboration tooling lies. This also tends to be where people who want to collaborate will have the idea of printing something off or putting it on a USB in order to take to a different office, and you can guess what happens next…

Security at this level is as good as the diligence and care of those who can access and dictate the fate of the data.

So, if it’s simple carelessness that can cause a breach, why don’t we just build the same services from OFFICIAL at OFFICIAL Sensitive and SECRET so that people don’t need to print or use removable media?

We have Clouds that operate at these security classifications already (yes, even SECRET) and can host the applications needed to start to remove the need for paper, and organisations who have the knowledge, expertise, and the clearance to build and manage these tools on behalf of Defence organisations if required.

As for accessing these applications there are multiple options already available, at OFFICIAL Sensitive, where organisations can make use of private or OFFICIAL Sensitive Government networks to access these tools from offices. Or for those who are at home, there are options such as secure remote access using client VPN technologies and bastions which create secure tunnels over the internet for access to applications.

For those connecting into collaboration services at SECRET, things are a bit trickier – though entirely technically possible using cryptos, currently home working is limited by accreditation and security concerns, albeit these are not entirely insurmountable. However, connecting to cloud-hosted collaboration tools from secure office locations is absolutely a possibility using both highly secure Government networks, as well as using cryptos on private networks or even the internet. Enabling individuals to work in different secure locations and with access to the same applications and documents.

To go one step further, organisations could couple the connectivity at each of these security domains with virtual desktop and mobile device management technologies. This would mean that application users now have a uniform experience no matter where they are – at home, at the office, or in the field. It also removes the compliance headache of locally stored data, since it is all kept centrally within secure cloud environments behind multi-factor authentication. This lowers the burden on device administrators who can remotely manage the end-user devices and enforce patching or even remote wiping of devices should these be left in an unfortunate place. Virtual desktops are already being adopted by the MoD at OFFICIAL, but these are also available at higher security classifications.

We have the technology, the connectivity, and the security, so what is stopping us?

To learn more about UKCloudX and how we’re transforming the mission for Defence, click here. Learn more about the potential of assured digital transformation with Defence Cloud. Get planning your digital journey with our professional services team, or speak to a cloud expert today.