Hackers Breach Most Sensitive Military Systems

Foreign Hackers Obtained 24,000 Pentagon Files

By , July 14, 2011.
Hackers Breach Most Sensitive Military Systems

D

See Also: Mobile Deposit Capture: Balancing Fraud Prevention and Customer Convenience

igital assaults penetrated against the defense industry's IT networks have exposed some of the nation's most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems and network security protocols, Deputy Defense Secretary William Lynn III said in a speech Thursday at the National Defense University.

"The cyber exploitation being perpetrated against the defense industry cuts across a wide swath of crucial military hardware, extending from missile tracking systems and satellite navigation devices to UAVs (unmanned aerial vehicles) and the Joint Strike Fighter," Lynn said. "Current countermeasures have not stopped this outflow of sensitive information. We need to do more to guard our digital storehouses of design innovation."

In a press briefing after the speech, Lynn revealed that hackers believed to be backed by another nation obtained 24,000 Pentagon files related to systems being developed for the Defense Department during a single intrusion in March, one of the worst digital attacks against the DoD. Lynn didn't identify the contractor. "It was done, we think, by a foreign intelligence service," he said. "In other words, a nation-state was behind it. And we don't get into our understanding of exactly who that was."

In his speech, Lynn unveiled the first Department of Defense Strategy for Operating in Cyberspace, which takes a more active approach to not only defend military systems and networks but to safeguard American cyberspace. Lynn first outlined the five pillars of the new strategy last August (see DoD Unveils New Cyber Defense Strategy).

The Five Pillars

The strategy's five initiatives include:
  1. Treat cyberspace as an operational domain to organize, train and equip so that DoD can take full advantage of cyberspace's potential. This initiative allows DoD to approach cyberspace as it does in air, land, maritime and space to support national security interests.
  2. Employ new defense operating concepts to protect DoD networks and systems. To achieve this initiative, DoD will enhance its cyber hygiene best practices; strengthen its workforce communications, workforce accountability, internal monitoring and information management capabilities; employ active cyber defenses to prevent network and systems intrusions and develop new defense operating concepts and computing architectures.
  3. Partner with other federal departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy. DoD last year implemented a program with the Department of Homeland Security to safeguard cyberspace (see DHS, DoD to Tackle Jointly Cyber Defense). DoD says it's establishing a pilot public-private sector partnership to show the feasibility and benefits of voluntarily opting into increased sharing of information about malicious or unauthorized cyber activity and protective cybersecurity measures (see Gov't Pilot Program Protects Defense Industry).
  4. Build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity. Lynn, the primary Defense Department cybersecurity champion, has traveled the past two years to Australia, Britain and Canada, meeting with our allies, including NATO, to engage them in a cooperative cyberdefense. The strategy says DoD's international engagements support the administration's International Strategy for Cyberspace and the president's commitment to fundamental freedoms, privacy and the free flow of information (see White House Unveils Int'l Cybersecurity Strategy ).
  5. Leverage the nation's ingenuity through an exceptional cyber workforce and rapid technological innovation. The Pentagon will marshal American scientific, academic and economic resources to build a pool of talented civilian and military personnel to operate in cyberspace to achieve DoD objectives.

"Our responsibility is to acknowledge this new environment and adapt our security instruments to it. That is the purpose of the DoD cyber strategy," Lynn said. "We must prepare. We must recognize the interconnectedness of cyber. And we must be mindful of the many ways cyberspace is used - as a peaceful instrument of global communications, as a tool for economic growth - and, also, as an instrument to threaten and sometimes cause harm."

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Sony's Breach Notification: The Details

A breach notification letter sent by Sony Pictures Entertainment to its employees offers a...

Latest Tweets and Mentions

ARTICLE Sony's Breach Notification: The Details

A breach notification letter sent by Sony Pictures Entertainment to its employees offers a...

The ISMG Network