Hackers have accessed design plans for more than two dozen U.S. weapons systems, according to a confidential report by the Pentagon's Defense Science Board (DSB) that was leaked to The Washington Post.
The affected systems were listed in a confidential version of the report, and include the PAC-3 Patriot missile system and the Navy's Aegis ballistic-missile defense system. Hackers were also reportedly able to uncover plans for various aircraft and vessels, including the F/A-18 fighter jet and the V-22 Osprey aircraft, as well as the F-35 Joint Strike Fighter, which is expected to cost about $1.4 trillion. A public version of the report, without the list of affected systems, was made available in January.
"DoD [Department of Defense] and its contractor base have already sustained staggering losses of system design information incorporating decades of combat knowledge and experience that provide adversaries insight to technical designs and system use," the board wrote in the public version of the report.
The DSB report did not name the party behind the security breaches, though senior military and defense industry officials familiar with the breaches told The Post that Chinese espionage was to blame. Just recently, a report from the Commission on the Theft of American Intellectual Property claimed China accounts for between 50 and 80 percent of U.S. intellectual property theft. In addition, the Pentagon also recently released a report subtitled "Military and Security Developments Involving the People's Republic of China 2013" that specifically accuses China of conducting cyber-operations against the United States. China has traditionally denied any involvement in cyber-attacks.
In the public version of its report, the DSB declared that after conducting an 18-month study, a DSB task force found that the country cannot be sure its critical IT systems will work if attacked by a "sophisticated and well-resourced opponent" using cyber capabilities with their military and intelligence resources. The Department of Defense needs to build a more effective response to such threats, according to the report.
"Nearly every conceivable component within DoD is networked," the report noted. "These networked systems and components are inextricably linked to the department's ability to project military force and the associated mission assurance. Yet, DoD's networks are built on inherently insecure architectures that are composed of, and increasingly using, foreign parts."
Although the DoD carefully secures the use and operation of weapon system hardware, it lacks the same attention for complex IT systems used to support and operate "weapons or critical IT capabilities embedded within them," the report stated.
While the attacks are a concern, the bigger issue is the ineffectiveness of the nation's defensive response thus far, said Dwayne Melancon, chief technology officer at Tripwire.
"Structure and process can be effective cyber-security tools, but the reality is that cyber-attackers are extremely adaptable and nimble so a rigid approach to defense gets in the way," he said. "The key challenge for the U.S. will be reimagining how we approach this battle so that we can create a much more resilient and aware set of cyber-security capabilities."