US Military System Design Badly Compromised in March Cyber Attack?

Various news outlets like the New York Times are reporting that the Deputy Secretary of Defense William J. Lynn III  stated that an unnamed US defense contractor's computer system had been penetrated in March and that some 24,000 files pertaining to an unnamed military system had been stolen.

Secretary Lynn's disclosure came in a speech yesterday at the National Defense University announcing the US Department of Defense Strategy for Operating in Cyberspace (PDF).

Secretary Lynn said in his speech that the US cyber strategy primarily was defensive in nature, but again reiterated that the US would not shy away from taking the initiative in defending itself. He stated that the strategy rested on five pillars, which are summarized in an American Forces Press Service story: treat cyber as a domain; employ more active defenses; support the Department of Homeland Security in protecting critical infrastructure networks; practice collective defense with allies and international partners; and reduce the advantages attackers have on the Internet.

Secretary Lynn also said in regard to cyber attacks against the US military establishment that:

"When looking across the intrusions of the last few years, some of the stolen data is mundane, like the specifications for small parts of tanks, airplanes, and submarines.  But a great deal of it concerns our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols.  The cyber exploitation being perpetrated against the defense industry cuts across a wide swath of crucial military hardware, extending from missile tracking systems and satellite navigation devices to UAVs and the Joint Strike Fighter."

Secretary Lynn told reporters after his speech that the information in the 24,000 files taken in March "was data-related to systems that are being developed for the Department of Defense," reported the AFP.

The AFP story also reported Secretary Lynn as saying that the:

" '... compromised information relative to the design of military equipment' but had not 'set us back in terms of the development of the system.' "

Exactly what that statement means is a more than a bit unclear. It almost sounds as if the information taken wasn't too important.

Secretary Lynn also said he did not think the intrusion was related to the SecurID breach or related attacks around the same time.

Secretary Lynn did state, however, that that cyber attack "... was done, we think, by a foreign intelligence service."

"In other words, a nation state was behind it."

Secretary Lynn declined to state which nation state he thought it was, or what the US had done to discourage it from doing so again in the future.

PHOTO: iStockphoto

Related Stories

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones
 

Newsletter Sign Up

Sign up for the ComputerWise newsletter and get biweekly news and analysis on software, systems, and IT delivered directly to your inbox.

Advertisement
Advertisement