Pentagon Admits Major Data Breach in Recent Cyber-Attack

The Pentagon admitted that a defence contractor had suffered a major data breach in March in a speech announcing a cyber-strategy plan emphasizing defensive tactics. The intruders were after files related to missile tracking systems, unmanned aircraft sytems and the Joint Strike Fighter.

A foreign government was behind a March cyber-attack against military computers that led to 24,000 files being stolen from a defence contractor, the Department of Defence said.

The revelation came in a July 14 speech at the National Defence University in Washington, D.C., by William Lynn, the deputy secretary of defence. The main purpose of the speech was for Lynn to elaborate on the Department of Defence’s plans to defend U.S. networks against cyber-attacks. The plans include defending key civilian networks controlled by transportation and utility companies and financial institutions from cyber-attacks. “It is a significant concern that over the past decade terabytes of data have been extracted by foreign intruders from corporate networks of defence companies,” Lynn said.

The departments of Defence and Homeland Security have jointly created a pilot programme called Defence Industrial Base Cyber-Pilot to share classified information with defence contractors and commercial ISPs.

The government won’t be monitoring, intercepting or storing any private-sector communications under the programme, Lynn said. Instead, the threat intelligence collected by the government will be used by the companies and the ISPs to identify and stop malicious activity within their networks.

Pentagon officials had said previously the United States would view cyber-attacks on key security systems as an act of war. Privacy advocates have expressed concern that the military might put in measures to defend cyberspace that would actually restrict and limit how civilians currently live and work online. The Defence Department tempered its language slightly by saying the United States reserves the right to use “whatever response is appropriate.”

The DoD Cyber-Strategy, unveiled during the speech, emphasizes cyber-defences to boost the government’s ability to fight back against attacks rather than increasing the military’s offensive capabilities, Lynn said. The Pentagon is “committed to protecting the peaceful use of cyberspace,” Lynn said, noting that the goal is to prevent others from using cyberspace for hostile purposes. “Establishing robust cyber-defences no more militarizes cyberspace than a navy militarizes the ocean,” Lynn said.

To defend against cyber-attacks, the Pentagon will integrate cyber-scenarios into military exercises and training, the plan said. Strategic partnerships with the private sector will focus on improving “cyber-hygiene” on civilian networks and developing new technology for the department’s use. The Defence Department also plans to recruit and train a “cyber-talent base” and set up cyber-capabilities in the Reserve and National Guard.

As has been the case in previous discussions on cyber-security, the definition of “critical infrastructure” remained unclear. Neither the speech nor the strategy document clarified whether popular Websites like Google could be classified as such or if the classification would be narrowed down to facilities such as power plants and defence contractor networks. It was also unclear if the Pentagon will have authority and oversight over network operators in the private sector, or if it will play an advisory role.

The department listed cyberspace as the “fifth domain” of warfare, after air, land, sea and space, in the 13-page unclassified version of the strategy released with the speech. The department “depends on cyberspace to function,” the document said, noting that the Department of Defence operates more than 15,000 networks and more than 7 million devices in hundreds of locations around the globe. The government spends millions of dollars every year securing the network against increasing numbers of attacks. “Our reliance on cyberspace stands in stark contrast to the inadequacy of our cyber-security,” it said.

Attackers probe Pentagon networks millions of times every day looking for classified information, and “malicious insiders” are stealing files. Adversaries are developing sophisticated and widely available tools to hack into secure networks. More than 60,000 “new malicious software programmes or variations are identified every day, threatening our security, our economy and our citizens,” Defence Secretary Leon Panetta said in a statement.

“Our assessment is that cyber-attacks will be a significant component of any future conflict, whether it involves major nations, rogue states or terrorist groups,” Lynn said.

Source: eWeek

Leave a Reply

Your email address will not be published. Required fields are marked *