Image: Ricardo Pinho / EMGFA

Armed Forces centre for cyber defence suffers new attack

Latest incursion follows plundering of classified NATO documents

Weeks after classified NATO documents were ‘exfiltrated’ from the so-called nerve centre of Portugal’s Armed Forces (EMGFA) to be put up for sale on the ‘dark web’, a new attack has been flagged – one that appears only to have been noticed ‘last Wednesday’.

According to Expresso, this new attack could be “more serious and profound than the first one” (no-one can be sure, as authorities are still playing ‘catch-up’…)

“There is the possibility of more secret documents having been stolen”, says the paper in an article that hints at the enormity of the situation: EMGFA’s ‘Centre for Cyber Defence’ is desperately short of personnel. To be fair, it is not really a ‘centre’ for cyber defence, more a struggling outpost.

“The problem is not new”, Expresso explains. Even though cyber vigilance continues to be performed 24 hours a day, a source has stressed that it is “difficult to maintain levels of quality demanded”.

The nerve centre should ideally have 90 members of staff. It has “around 40”. 

Plans are that by 2026 it could have 250. But right now, in the face of two major cyber attacks, it has just the 40 – presumably working their socks off.

Expresso has spoken with ‘hackers’ and ‘sources in the area of cyber security’, and these highlight another obstacle to a full complement at the EMGFA ‘nerve centre’: money. “Outside military life, specialists in cyber defence can earn double” what is offered within the service.

Thus the dispatch signed off by defence minister Helena Carreiras in August authorising the spending of €11.5 million on hiring training and consultation services in the area of military cyber defence, “having in mind the creation of a cyber defence workforce” that as yet does not exist.

“The objective of Helena Carreiras is to advance with a specific training path in this area”, says Expresso, adding that questions to EMGFA and the Defence Ministry were not answered in time for the latest article – nor is it clear what documents might have been compromised in this second ‘attack’.

According to specialists, the second incursion could easily have been programmed as a result of the first. A source referred to “persistence mechanisms” left behind “that wake up from time to time”. The worrying aspect of this is that these mechanisms were not detected after the first attack.
