DoD: 24,000 files swiped in March from military contractor systems

Department of Defense Deputy Secretary William Lynn said that 24,000 files were taken in March from military contractor systems. That data leakage is increasingly common in the military complex. The good news? The DoD has a plan to fix its defenses.

Lynn didn’t provide further details on the attack or the contractor. On Thursday, the DoD released its strategy for operating in cyberspace.

The strategy boils down to:

• Treat cyberspace as a domain to organize, train and equip the military.
• Deploy new defense operating concepts to protect military systems.
• Partner with government departments and the private sector.
• Work with allies to boost security.
• Leverage U.S. technical prowess and innovation.

Lynn, who also spoke broadly about cybersecurity and cooperation with the Department of Homeland Security, noted that intrusions are relatively common and that stolen data ranges from the mundane to Joint Strike Fighter designs.

Here’s what Lynn said in context:

The critical infrastructure the military depends upon also extends to the private companies that build the equipment and technology we use. Their networks hold valuable information about our weapons systems and their capabilities. The theft of design data and engineering information from within these networks undermines the technological edge we hold over potential adversaries.

It is a significant concern that over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies. In a single intrusion this March, 24,000 files were taken.

When looking across the intrusions of the last few years, some of the stolen data is mundane, like the specifications for small parts of tanks, airplanes, and submarines. But a great deal of it concerns our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols. The cyber exploitation being perpetrated against the defense industry cuts across a wide swath of crucial military hardware, extending from missile tracking systems and satellite navigation devices to UAVs and the Joint Strike Fighter.

Current countermeasures have not stopped this outflow of sensitive information. We need to do more to guard our digital storehouses of design innovation.

The larger question: How does the DoD design systems that are secure at the core when the Pentagon is increasingly tethered to private contractors?

On that point, Lynn said that the DoD and the DHS have formed a pilot program to share classified information to better protect networks. This “Data Industrial Base” pilot is an information sharing effort that revolves around the government, contractors and Internet Service Providers. The general theme: Provide intelligence to the companies and engineers that know how to defend a network.

Lynn noted that the government is “not monitoring, intercepting, or storing any private sector communications.” Instead, groups are sharing threat intelligence so companies can defend themselves. The pilot is voluntary.

Will it be successful? Lynn said the early results are promising. “Although we are only beginning to evaluate the effectiveness of the pilot, it has already stopped intrusions for some participating industry partners. And through the information sharing the pilot promotes, we not only halted intrusions. We also learned more about the diversity of techniques used to perpetrate them,” said Lynn.

This government-private sector security cooperation is a theme that was also mentioned by former DHS chief Michael Chertoff at a talk in New York. Chertoff urged more public-private cooperation to defend against the likes of hacking groups such as Anonymous.

One thing is clear the U.S. military complex needs to shore up its network security. In the DoD cyberspace operating strategy, the military was very clear about how much it depends on cyberspace. From the report:

Along with the rest of the U.S. government, the Department of Defense (DoD) depends on cyberspace to function. It is difficult to overstate this reliance; DoD operates over 15,000 networks and seven million computing devices across hundreds of installations in dozens of countries around the globe. DoD uses cyberspace to enable its military, intelligence, and business operations, including the movement of personnel and material and the command and control of the full spectrum of military operations.

As for next steps, the DoD said it will do the following regarding its cyberdefenses:

• Enhance “cyber hygiene best practices.”
• Focus on insider threats via monitoring, workforce communications and accountability and information management.
• Deploy “an active cyber defense capability” to prevent intrusions.
• Develop new network architectures.