The Pentagon admitted a defense contractor had suffered a major data breach in March in a speech announcing a cyber-strategy plan emphasizing defensive tactics.
foreign government was behind a March cyber-attack against military computers
that led to 24,000 files being stolen from a defense contractor, the Department
of Defense said. The intruders were after files related to missile tracking
systems, unmanned aerial vehicles and the Joint Strike Fighter.
revelation came in a July 14 speech at the National Defense University in
Washington, D.C., by William Lynn, the deputy secretary of defense. The main
purpose of the speech was for Lynn to elaborate on the Department of Defense's
plans to defend U.S. networks against cyber-attacks. The plans include
defending key civilian networks controlled by transportation and utility
companies and financial institutions from cyber-attacks.
is a significant concern that over the past decade terabytes of data have been
extracted by foreign intruders from corporate networks of defense companies,"
departments of Defense and Homeland Security have jointly created a pilot
program called Defense Industrial Base Cyber-Pilot to share classified
information with defense contractors and commercial ISPs.
government won't be monitoring, intercepting or storing any private-sector
communications under the program, Lynn said. Instead, the threat intelligence
collected by the government will be used by the companies and the ISPs to
identify and stop malicious activity within their networks.
officials had said previously the United States would view cyber-attacks on key
security systems as an act
. Privacy advocates have expressed concern that the military might
put in measures to defend cyberspace that would actually restrict and limit how
civilians currently live and work online. The Defense Department tempered its
language slightly by saying the United States reserves the right to use
"whatever response is appropriate."
DoD Cyber-Strategy, unveiled during the speech, emphasizes cyber-defenses to
boost the government's ability to fight back against attacks rather than
increasing the military's offensive capabilities, Lynn said. The Pentagon is
"committed to protecting the peaceful use of cyberspace," Lynn said,
noting that the goal is to prevent others from using cyberspace for hostile
robust cyber-defenses no more militarizes cyberspace than a navy militarizes
the ocean," Lynn said.
defend against cyber-attacks, the Pentagon will integrate cyber-scenarios into
military exercises and training, the plan said. Strategic partnerships with the
private sector will focus on improving "cyber-hygiene" on civilian
networks and developing new technology for the department's use. The Defense Department
also plans to recruit and train a "cyber-talent base" and set up
cyber-capabilities in the Reserve and National Guard.
has been the case in previous discussions on cyber-security, the definition of
"critical infrastructure" remained unclear. Neither the speech nor
the strategy document clarified whether popular Websites like Google could be
classified as such or if the classification would be narrowed down to
facilities such as power plants and defense contractor networks. It was also
unclear if the Pentagon will have authority and oversight over network
operators in the private sector, or if it will play an advisory role.
department listed cyberspace as the "fifth domain" of warfare, after
air, land, sea and space, in the 13-page unclassified version of the strategy
released with the speech. The department "depends on cyberspace to
function," the document said, noting that the Department of Defense
operates more than 15,000 networks and more than 7 million devices in hundreds
of locations around the globe. The government spends millions of dollars every
year securing the network against increasing numbers of attacks.
reliance on cyberspace stands in stark contrast to the inadequacy of our cyber-security,"
probe Pentagon networks millions of times every day looking for classified
information, and "malicious insiders" are stealing files. Adversaries
are developing sophisticated and widely available tools to hack into secure
networks. More than 60,000 "new malicious software programs or variations are
identified every day, threatening our security, our economy and our citizens,"
Defense Secretary Leon Panetta said in a statement.
assessment is that cyber-attacks will be a significant component of any future
conflict, whether it involves major nations, rogue states or terrorist
groups," Lynn said.