Pentagon Admits Major Data BreachBy Channel Insider Staff | Posted 2011-07-15 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
The Pentagon admitted a defense contractor had suffered a major data breach in March. The admission came during a speech announcing a cyber-strategy plan and defensive tactics.
A foreign government was behind a March cyber-attack against military computers that led to 24,000 files being stolen from a defense contractor, the Department of Defense said. The intruders were after files related to missile tracking systems, unmanned aerial vehicles and the Joint Strike Fighter.
The revelation came in a July 14 speech at the National Defense University in Washington, D.C., by William Lynn, the deputy secretary of defense. The main purpose of the speech was for Lynn to elaborate on the Department of Defense's plans to defend U.S. networks against cyber-attacks. The plans include defending key civilian networks controlled by transportation and utility companies and financial institutions from cyber-attacks.
It is a significant concern that over the past decade terabytes of data have been extracted by foreign intruders from corporate networks of defense companies, Lynn said.
The departments of Defense and Homeland Security have jointly created a pilot program called Defense Industrial Base Cyber-Pilot to share classified information with defense contractors and commercial ISPs.
The government won't be monitoring, intercepting or storing any private-sector communications under the program, Lynn said. Instead, the threat intelligence collected by the government will be used by the companies and the ISPs to identify and stop malicious activity within their networks.
Pentagon officials had said previously the United States would view cyber-attacks on key security systems as an act of war. Privacy advocates have expressed concern that the military might put in measures to defend cyberspace that would actually restrict and limit how civilians currently live and work online. The Defense Department tempered its language slightly by saying the United States reserves the right to use "whatever response is appropriate."
The DoD Cyber-Strategy, unveiled during the speech, emphasizes cyber-defenses to boost the government's ability to fight back against attacks rather than increasing the military's offensive capabilities, Lynn said. The Pentagon is "committed to protecting the peaceful use of cyberspace," Lynn said, noting that the goal is to prevent others from using cyberspace for hostile purposes.
"Establishing robust cyber-defenses no more militarizes cyberspace than a navy militarizes the ocean," Lynn said.
To defend against cyber-attacks, the Pentagon will integrate cyber-scenarios into military exercises and training, the plan said. Strategic partnerships with the private sector will focus on improving "cyber-hygiene" on civilian networks and developing new technology for the department's use. The Defense Department also plans to recruit and train a "cyber-talent base" and set up cyber-capabilities in the Reserve and National Guard.
To read the original eWeek article, click here: Pentagon Admits Major Data Breach as It Unveils Defensive Cyber-Strategy