DoD: 24,000 files swiped in March from military contractor systems

Summary: Department of Defense Deputy Secretary William Lynn said that 24,000 files were taken in March from military contractor systems. Now the military is sharing intelligence with the private sector to shore up networks.


Department of Defense Deputy Secretary William Lynn said that 24,000 files were taken in March from military contractor systems. That data leakage is increasingly common in the military complex. The good news? The DoD has a plan to fix its defenses.

Lynn didn't provide further details on the attack or the contractor. On Thursday, the DoD released its strategy for operating in cyberspace.

The strategy boils down to:

  • Treat cyberspace as a domain to organize, train and equip the military.
  • Deploy new defense operating concepts to protect military systems.
  • Partner with government departments and the private sector.
  • Work with allies to boost security.
  • Leverage U.S. technical prowess and innovation.

Lynn, who also spoke broadly about cybersecurity and cooperation with the Department of Homeland Security, noted that intrusions are relatively common and that stolen data ranges from the mundane to Joint Strike Fighter designs.

Here's what Lynn said in context:

The critical infrastructure the military depends upon also extends to the private companies that build the equipment and technology we use. Their networks hold valuable information about our weapons systems and their capabilities. The theft of design data and engineering information from within these networks undermines the technological edge we hold over potential adversaries.

It is a significant concern that over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies. In a single intrusion this March, 24,000 files were taken.

When looking across the intrusions of the last few years, some of the stolen data is mundane, like the specifications for small parts of tanks, airplanes, and submarines. But a great deal of it concerns our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols. The cyber exploitation being perpetrated against the defense industry cuts across a wide swath of crucial military hardware, extending from missile tracking systems and satellite navigation devices to UAVs and the Joint Strike Fighter.

Current countermeasures have not stopped this outflow of sensitive information. We need to do more to guard our digital storehouses of design innovation.

The larger question: How does the DoD design systems that are secure at the core when the Pentagon is increasingly tethered to private contractors?

On that point, Lynn said that the DoD and the DHS have formed a pilot program to share classified information to better protect networks. This "Data Industrial Base" pilot is an information sharing effort that revolves around the government, contractors and Internet Service Providers. The general theme: Provide intelligence to the companies and engineers that know how to defend a network.

Lynn noted that the government is "not monitoring, intercepting, or storing any private sector communications." Instead, groups are sharing threat intelligence so companies can defend themselves. The pilot is voluntary.

Will it be successful? Lynn said the early results are promising. "Although we are only beginning to evaluate the effectiveness of the pilot, it has already stopped intrusions for some participating industry partners. And through the information sharing the pilot promotes, we not only halted intrusions. We also learned more about the diversity of techniques used to perpetrate them," said Lynn.

This government-private sector security cooperation is a theme that was also mentioned by former DHS chief Michael Chertoff at a talk in New York. Chertoff urged more public-private cooperation to defend against the likes of hacking groups such as Anonymous.

One thing is clear: the U.S. military complex needs to shore up its network security. In the DoD cyberspace operating strategy, the military was very clear about how much it depends on cyberspace. From the report:

Along with the rest of the U.S. government, the Department of Defense (DoD) depends on cyberspace to function. It is difficult to overstate this reliance; DoD operates over 15,000 networks and seven million computing devices across hundreds of installations in dozens of countries around the globe. DoD uses cyberspace to enable its military, intelligence, and business operations, including the movement of personnel and material and the command and control of the full spectrum of military operations.

As for next steps, the DoD said it will do the following regarding its cyberdefenses:

  • Enhance "cyber hygiene best practices."
  • Focus on insider threats via monitoring, workforce communications and accountability and information management.
  • Deploy "an active cyber defense capability" to prevent intrusions.
  • Develop new network architectures.

The end state is to form an "adaptive defense."


Talkback

26 comments
  • RE: DoD: 24,000 files swiped in March from military contractor systems

    Build a private intranet...the gates into it could be protected much more easily than an open system.
    haikued2
    • RE: DoD: 24,000 files swiped in March from military contractor systems

      @haikued2

      Either way it's going to cost a ton of money. What existing rat hole do you want to plug in order to get funding for this? Or do we simply just raise the debt ceiling and open up yet another line of credit from China? Funny, isn't it primarily China that we are defending ourselves against with all of this information leakage, including the weapons systems themselves?
      Rabid Howler Monkey
    • they already have one

      @haikued2 According to Richard Clarke's book, the DOD has several layers of private intranets, including a supposedly super-secure one called SIPRNET that was breached via USB drives. Because the network was supposedly so secure, they didn't bother doing any antivirus scanning and the results were what you'd expect.
      scripter
      • Breached by human failing

        @scripter, any equipment used on the SIPRNET is not supposed to ever be connected to a non-secure computer or network. Connecting that USB stick to the SIPRNET was a violation of regulations.

        According to my [extremely unofficial] information, physical security was not compromised and no data was leaked, but a lot of time was wasted cleaning up the virus outbreak.
        NickNielsen
      • When I created a policy for some Gov. secure institution,

        besides technical means there were also human-oriented means included. Before any employee was allowed to touch any ICT means which could be misused or damaged, he/she had to pass through training and sign an agreement that he/she would be terminated immediately and reported to the police if he/she violated that agreement. The training was repeated periodically. No problem of that kind ever happened. :)
        drleos
    • Oh sure use something like a windows system...NOT

      @haikued2 ...... you're brain dead, that's for sure
      Over and Out
    • RE: DoD: 24,000 files swiped in March from military contractor systems

      @haikued2 I thought that was what the government or Google was going to do two years ago when the Military started laying down Social Media Policies.
      mcfaddenmn@...
  • RE: DoD: 24,000 files swiped in March from military contractor systems

    I work for a bank. I access the internal bank network from the open internet. The PC I use has specially encrypted disks - if the disk is put in another machine it becomes un-decryptable. I have 3 separate encrypted logins to go thru to access the internal network. My PC and netcard are known to the gatekeeper firewall which blocks any access whether internal or external to the bank's internal network. All transmissions thru the internet are encrypted with a key that changes every 60 seconds.

    Perhaps the DoD should take security as seriously as we in the banking industry.
    jonesbl
    • RE: DoD: 24,000 files swiped in March from military contractor systems

      @jonesbl
      If only. http://www.wired.com/threatlevel/2011/06/citibank-hacked/
      scripter
    • Ok, I'll byte... Banks have a bad security reputation.

      @jonesbl, never discuss your security outside your approved chain-of-custody. When you do, you are saying one of three things: 1) I don't know about security. 2) Honeypot/tarpit because we have a problem. 3) Head on a pigpole to scare off audits. ...just saying.
      Pappaous
  • RE: DoD: 24,000 files swiped in March from military contractor systems

    Need to return to the days when the military operated its own independent networks, terminals that contained classified information were not connected to a public network, and any DOD contractors that want to have a contract with the government and have a need for classified material should maintain computers that are stand-alone or on a military-only network. It's quite simple, you can't hack what you can't connect with. The military's move to utilize public networks has left them increasingly vulnerable to this type of attack and to the possibility of other attacks. When are they going to learn that you can't leave this level of security in the private sector's hands, where the sole concern is profit and are not going to spend 1 cent more than they have to.
    knelson276
    • They still do

      @knelson276, the military operates the Secret Internet Protocol Router Network (SIPRNET) using external encryption devices. The entire network is encrypted and (to the best of my knowledge) there is no physical link to any non-secure network.

      The files that were swiped were on an administrative network designed to allow contractors and contract managers to communicate documents between themselves. While information on this network may be sensitive, it is not classified.
      NickNielsen
      • RE: DoD: 24,000 files swiped in March from military contractor systems

        Once again confirming the old adage, a (security) chain is only as strong as its weakest link, which in this case happened to be the admin network.
        MadHatter1
  • RE: DoD: 24,000 files swiped in March from military contractor systems

    Looks like we're going to have to send more money the Pentagon's way...
    savemeaslice@...
  • RE: DoD: 24,000 files swiped in March from military contractor systems

    Someone needs to go to jail for this, enough is enough!!!
    mschore@...
  • RE: DoD: 24,000 files swiped in March from military contractor systems

    I'm certainly no security authority but something about this story just doesn't pass the smell test. How do they know it was 24,000 files and did those files actually disappear? Stealing data typically involves copying it, not removing it. I can think of any number of internal screw-ups that could have caused those files to disappear.
    davew2492
    • RE: DoD: 24,000 files swiped in March from military contractor systems

      @davew@... Forensic investigations of compromised computer systems can tell you a lot. Some of what you can do are: you know what files were taken by looking at logs of traffic and seeing what files were copied by the contents. You also look at computer logs and see the commands used by the thieves in your logs if they didn't wipe them well enough. You also do analysis of the traffic patterns logged by your network equipment and you can see the times, sizes and other details of traffic to the location you suspect is the outbound point of the stolen documents.
      And then you start following the trail of that traffic, and look at any of the waypoints where the data was copied to and there are also traces there that you can identify the files by.
      We can do a lot more than just see files are missing. But stopping the breaches and loss of data is not easy. They don't say here how this breach happened so I can't comment on how it would be stopped.
      sysop-dr
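
The traffic-log analysis sysop-dr describes, as an added example that is not part of the original comments: it totals outbound bytes per internal-host/external-destination pair from flow records and reports the volume and time window of the outlier. The log format, addresses, internal range and threshold factor are constructed assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

INTERNAL = [ip_network("10.0.0.0/8")]  # assumed internal address space

# Constructed flow-log lines (assumed format): start_time src dst bytes_sent
SAMPLE_FLOWS = """\
2024-01-10T09:02:11 10.1.4.22 203.0.113.10 18432
2024-01-10T09:15:40 10.1.4.37 203.0.113.10 22190
2024-01-10T10:01:03 10.1.4.22 10.1.9.5 734003200
2024-01-11T02:10:05 10.1.4.22 198.51.100.7 48211034
2024-01-11T02:12:40 10.1.4.22 198.51.100.7 51877120
2024-01-11T02:19:58 10.1.4.22 198.51.100.7 50331648
2024-01-11T08:45:12 10.1.4.37 203.0.113.10 19876
"""

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL)

def summarize_outbound(text):
    """Total bytes, flow count and time window per (internal src, external dst)."""
    pairs = defaultdict(lambda: {"bytes": 0, "flows": 0, "first": None, "last": None})
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, src, dst, nbytes = parts
        if not is_internal(src) or is_internal(dst):
            continue  # keep only internal -> external traffic
        when = datetime.fromisoformat(ts)
        p = pairs[(src, dst)]
        p["bytes"] += int(nbytes)
        p["flows"] += 1
        p["first"] = when if p["first"] is None else min(p["first"], when)
        p["last"] = when if p["last"] is None else max(p["last"], when)
    return dict(pairs)

def suspected_egress(pairs, factor=100):
    """Pairs whose volume is at least `factor` times the median pair volume."""
    if not pairs:
        return []
    median = statistics.median(p["bytes"] for p in pairs.values())
    hits = [(k, p) for k, p in pairs.items() if p["bytes"] >= factor * median]
    return sorted(hits, key=lambda kp: kp[1]["bytes"], reverse=True)

if __name__ == "__main__":
    print(suspected_egress(summarize_outbound(SAMPLE_FLOWS)))
```

The large internal-to-internal transfer in the sample is deliberately ignored; only the pair that leaves the network and dwarfs the median is reported, with the byte total and first/last timestamps an investigator would carry forward to the next waypoint.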
    • RE: DoD: 24,000 files swiped in March from military contractor systems

      @davew@... right, it could be copied or existing to be deleting. You're no security authority, you should use the smell test on yourself
      tazmanrising
  • RE: DoD: 24,000 files swiped in March from military contractor systems

    Crime without punishment. In some cases, on both sides of the screen. In others, hard to get, seemingly worthy of the chase, disinformation.
    trm1945
  • At this point...

    The military should declare them enemy combatants and blow them up with a missile ;) Too bad we are slow like a snail and by the time they find out who is doing it they will have moved, died, and had 3 generations. They just blew up someone else's house.
    x21x