Question to the Ministry of Defence:

To ask the Secretary of State for Defence, what steps he is taking to ensure the strength of his Department's social media passwords in the context of the recent hacking of the Army’s Twitter account.

The Ministry of Defence (MOD) is currently investigating the compromise of the Army social media accounts. It is not currently possible to determine the cause of the breach, and whether it might be related to the password.

The password policy required of all authorised users of social media accounts conforms to the Government Security Group guidance on Managing Social Media Securely. This refers to the National Cyber Security Centre's guidance on Social Media: Protecting What You Publish.

This guidance gives advice that keeps passwords secure, controlled and changed in a manner which ensures they are known only to those who need to gain access to the relevant account. The guidance also stipulates that a recovery process must be put in place; the efficacy of this is demonstrated by the swift manner in which the Army accounts were recovered and brought back under the control of authorised users.

In addition, there is guidance available internally for MOD personnel, which forms part of the Cyber Confident campaign run by the MOD's Cyber Defence and Risk Directorate (CyDR). All users of official social media within Defence are being contacted by CyDR to ensure current and ongoing compliance with this comprehensive guidance.