MoD contractors fall short on encryption

A number of companies working on confidential UK defence information are not meeting government data-encryption requirements.

One-quarter of contractors that either access the Ministry of Defence Restricted Network or who work on classified or above information have failed to confirm they encrypt all defence data held on laptops and portable media — a requirement under the Ministry of Defence's List-X Notice security standards.

In a written answer to Parliament, defence minister Bob Ainsworth this week said that just over eight per cent of contractors confirmed that they do not comply with the MoD's List-X Notice on laptop and media encryption, while just over 18 per cent have not confirmed whether or not they meet the standard.

An MoD spokeswoman told ZDNet UK's sister site silicon.com that a small number of contractors have said compliance with the encryption standards was "not practicable". The MoD is working with those contractors to minimise the risk of losing data, she added.

Ainsworth said almost 23,000 contracts were placed in the financial year 2007/08 and that the MoD expects to confirm full compliance with all its suppliers by the end of March.

The MoD issued the List-X Notice in response to the government's Data Handling Review last year, which recommended personal data on all portable computers and media be encrypted.

The review was introduced following a number of data losses by the government, starting with HM Revenue and Customs's loss of 25 million child benefit records in 2007.