24,000 files stolen from DoD contractor in single March attack


More than 24,000 files were stolen from a Defense Department contractor in a March 2011 attack, Deputy Defense Secretary William Lynn said July 14, while unveiling the Defense Department's first cyberspace strategy.

Defense contractors have long been known to be under concerted attack by foreign sources. Over the past few years, "some of the stolen data is mundane, like the specifications for small parts of tanks, airplanes, and submarines," Lynn said.

But he added that "a great deal of it concerns our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols." Lynn unveiled the cyberspace strategy at an event held at the National Defense University in Washington, D.C.

Later, while talking to reporters, Lynn said the files were downloaded in a single attack, likely by a foreign intelligence service. "In other words, a nation state was behind it," he said. The files were related to systems--Lynn did not specify what kind of systems--being developed for the DoD, he also said.

While delivering his prepared remarks, Lynn said a 90-day pilot of information exchange with "a handful" of defense industrial base (DIB) companies is underway.

"The U.S. government is not monitoring, intercepting, or storing any private sector communications," as a part of the pilot, Lynn said.

"Rather, threat intelligence provided by the government is helping the companies themselves, or the Internet service providers working on their behalf, to identify and stop malicious activity within their networks," he added.

The Senate Armed Services Committee has urged the DoD to expand the pilots to test ISP-generated behavioral pattern-threat detection.

Lynn said the DoD is only beginning to evaluate the effectiveness of the pilot, but said it has already stopped some intrusions and has the potential to scale vertically--to more DIB companies--or horizontally to other sectors DoD deems critical to the military.

The DoD strategy document acknowledges cybersecurity in the supply chain as a risk management "challenge" but makes no further mention of how DoD plans to mitigate that risk. It also says that software and hardware could be tampered with prior to integration with an operational system and that the majority of IT components are manufactured and assembled overseas.

In response to a press question, Lynn said the DoD plan focuses on "one particular aspect of the challenge, which is the threat across networks basically remotely, from other places." Supply chain and insider threats are not the focus of the DoD cyber strategy, he said, adding that an interagency group led by the White House is focusing on that.

"It is not, I think, conceivable--given the breadth of Internet technology--to think we're going to build everything we need inside a ringed fence and we can just examine it and protect it as we build it," said Lynn.

"We're going to have to have diversity in the supply chain. We're going to have to be able to say that if this particular component can be attacked, there needs to be more than one of that kind of component. So, we have an assured path through diversity in layering," said Lynn.

Molly Walker contributed to this article.
