News Analysis: Recent cyber-attacks against Lockheed Martin and other U.S. defense contractors show why every company needs to beef up their IT security systems to protect themselves from the expanding "cyber-cold war."
The recent cyber-attacks on
defense contractor Lockheed Martin, which the company disclosed at the end of
May, appear to mark an escalation of a "cyber-cold war" that few realize has
been going on for some time.
Recent sophisticated
cyber-attacks have focused on some the
most
sensitive defense contractors in the U.S. But there is a high likelihood
the attacks will spread to other industries, as well. If your company does
business with a defense contractor, a bank, an electric utility or a phone
system, you're at risk. Cyber-attackers may hit you if it even appears that you
might provide a pathway to the bigger target they really want. So you need to
make sure your security is up to snuff.
Lockheed Martin issued
statements that it
discovered the attack nearly as soon as it started and that it believes no
data was stolen. A separate prepared statement by Lockheed Martin CIO Sondra
Barbour said the company thwarted the attack by shutting down the VPN that gave
employees and contractors remote access to the company's IT systems. Other
actions included resetting all user passwords, upgrading remote access to new
access RSA SecurID tokens and "adding a new level of security to our remote-access
network log-on procedure," Barbour's statement said.
Others, however, are saying
more. Tom Kellermann, a member of President Obama's commission on cyber-security,
and CTO of
mobile security
application provider AirPatrol told Bloomberg TV that the attack was
more than likely state-sponsored.
However, Kellermann declined
to specify what country may have sponsored the attack and said that it's
impossible to know for sure since many countries have that ability. Kellermann
noted that many people are blaming China and Russia for the attack, but that this
isn't necessarily the case.
What is known is that the
attack against Lockheed Martin may be related to a successful attack against
RSA earlier this year in which the algorithms used to generate keys on the
company's SecureID security tokens were taken. Since that breach, other
SecureID customers, including Northrop Grumman and L3 Communications, both
major defense contractors, have been attacked.
The attack initially
targeted Lockheed Martin's network, and when that failed, the hackers tried to
attack the company through other companies that do business with Lockheed Martin,
according to Kellermann.
Lockheed Martin has beefed
up its security to world-class standards over the years since the Chinese
military was able to successfully penetrate the company's security. It's
impossible to know whether China was involved in the most recent set of
attacks, although the Chinese government did promise sanctions against the company
for its plan to supply F-16 fighter jets to Taiwan. That sale is apparently
going ahead on schedule.
The Department of Defense is
about finished with a revised plan for dealing with cyber-attacks in which some
such attacks would be viewed as acts of war, and could be met with a military
response, according to an Agence France Presse report in
Defense News. The Pentagon's plans have been in development since a
cyber-attack on the U.S. Army in 2008.
Email
Print
Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.
