Lockheed Martin Network Attack Highlights Dangers of 'Cyber-Cold War'

News Analysis: Recent cyber-attacks against Lockheed Martin and other U.S. defense contractors show why every company needs to beef up their IT security systems to protect themselves from the expanding "cyber-cold war."

The recent cyber-attacks on defense contractor Lockheed Martin, which the company disclosed at the end of May, appear to mark an escalation of a "cyber-cold war" that few realize has been going on for some time.

Recent sophisticated cyber-attacks have focused on some the most sensitive defense contractors in the U.S. But there is a high likelihood the attacks will spread to other industries, as well. If your company does business with a defense contractor, a bank, an electric utility or a phone system, you're at risk. Cyber-attackers may hit you if it even appears that you might provide a pathway to the bigger target they really want. So you need to make sure your security is up to snuff.

Lockheed Martin issued statements that itdiscovered the attack nearly as soon as it started and that it believes no data was stolen. A separate prepared statement by Lockheed Martin CIO Sondra Barbour said the company thwarted the attack by shutting down the VPN that gave employees and contractors remote access to the company's IT systems. Other actions included resetting all user passwords, upgrading remote access to new access RSA SecurID tokens and "adding a new level of security to our remote-access network log-on procedure," Barbour's statement said.

Others, however, are saying more. Tom Kellermann, a member of President Obama's commission on cyber-security, and CTO of mobile security application provider AirPatrol told Bloomberg TV that the attack was more than likely state-sponsored.

However, Kellermann declined to specify what country may have sponsored the attack and said that it's impossible to know for sure since many countries have that ability. Kellermann noted that many people are blaming China and Russia for the attack, but that this isn't necessarily the case.

What is known is that the attack against Lockheed Martin may be related to a successful attack against RSA earlier this year in which the algorithms used to generate keys on the company's SecureID security tokens were taken. Since that breach, other SecureID customers, including Northrop Grumman and L3 Communications, both major defense contractors, have been attacked.

The attack initially targeted Lockheed Martin's network, and when that failed, the hackers tried to attack the company through other companies that do business with Lockheed Martin, according to Kellermann.

Lockheed Martin has beefed up its security to world-class standards over the years since the Chinese military was able to successfully penetrate the company's security. It's impossible to know whether China was involved in the most recent set of attacks, although the Chinese government did promise sanctions against the company for its plan to supply F-16 fighter jets to Taiwan. That sale is apparently going ahead on schedule.

The Department of Defense is about finished with a revised plan for dealing with cyber-attacks in which some such attacks would be viewed as acts of war, and could be met with a military response, according to an Agence France Presse report in Defense News. The Pentagon's plans have been in development since a cyber-attack on the U.S. Army in 2008.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...