Pentagon Discloses Massive Data Theft, Lays Out New Security Strategy

2011-07-14T19:15:01
ID THREATPOST:460FBEE1CD78CAEF4F3439988E547FBA
Type threatpost
Reporter Dennis Fisher
Modified 2013-04-17T16:34:11

Description

A targeted attack on a defense contractor in March of this year resulted in the theft of 24,000 files by an unknown attacker, according to Defense Department officials. The attack, which officials say was the work of a foreign government, would represent one of the more serious known attacks on the department and its contractors.

In a speech Thursday in which he unveiled the Department of Defense Strategy for Operating in Cyberspace, William J. Lynn, deputy defense secretary, said that the attack was just one of thousands of such intrusions that the government and its contractors suffer every year.

“The critical infrastructure the military depends upon also extends to the private companies that build the equipment and technology we use. Their networks hold valuable information about our weapons systems and their capabilities. The theft of design data and engineering information from within these networks undermines the technological edge we hold over potential adversaries,” Lynn said in his speech.

“It is a significant concern that over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies. In a single intrusion this March, 24,000 files were taken.”

Lynn did not specify what kind of data was stolen or who specifically the department thinks is responsible. The federal government and its contractors always have been clear targets for foreign governments and private groups looking to disrupt U.S. operations or gain some insight on defense, economic or other plans. As far back as the infamous “Cuckoo’s Egg” attack in 1986, and likely long before that, foreign governments have been working to compromise sensitive systems and extract data.

In his speech, Lynn reiterated that the U.S. may well respond to cyberattacks with physical force.

“It should come as no surprise that the United States is prepared to defend itself. It would be irresponsible, and a failure of the Defense Department’s mission, to leave the nation vulnerable to a known threat. Just as our military organizes to defend against hostile acts from land, air, and sea, we must also be prepared to respond to hostile acts in cyberspace. Accordingly, the United States reserves the right, under the laws of armed conflict, to respond to serious cyber attacks with a proportional and justified military response at the time and place of our choosing,” Lynn said.

As for the Defense Department’s new strategy, much of it is similar to other documents that the Obama administration and the Bush administration before it have released, outlining the parameters of network defense and national security. But the new strategy goes farther in a couple of respects, including the section that spells out the department’s intention to use procurement as a way to improve security and a section that lays out the DoD’s plan for a continuous active defense system.

“The high point of the strategy, in terms of impact on the nation’s ability to protect its networks and systems, is Initiative 5. Part of the impact of this Initiative comes from the promise of innovative recruiting and training activities. But the larger part comes from the promise of deployment of the federal procurement infrastructure to provide incentives to vendors to build safer and more defensible systems and software,” said Alan Paller, director of research at The SANS Institute. “Procurement is the only major leverage the nation has — its $75 billion IT expenditure. Leveraging that to ‘persuade’ companies to deliver safer systems is THE big step forward. However, the procurement Initiative works only for future systems that are touched by the procurement process.”