Foreign hackers stole 24,000 U.S. military files in a single attack on a defense contractor in March in one of the Pentagon’s worst cyber attacks, Deputy Defense Secretary William Lynn disclosed today.
Cyber attacks over the last few years have compromised “our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems and network security protocols,” Lynn said in a speech at National Defense University in Washington, where he released the Pentagon’s new strategy on cyber security.
While he didn’t identify the contractor hit by the March attack, he said terabytes of data have been extracted from defense companies over the past decade.
“The cyber exploitation being perpetrated against the defense industry cuts across a wide swath of crucial military hardware,” including missile tracking systems, satellite navigation devices and the Joint Strike Fighter jet, Lynn said.
“Current countermeasures have not stopped this outflow of sensitive information,” he said. “We need to do more to guard our digital storehouses of design innovation.”
To combat future attacks, the Defense Department and the Department of Homeland Security have begun a pilot program with a “handful” of defense companies to provide more “robust” protection of their computer networks, Lynn said. Classified threat intelligence is shared with defense contractors or their commercial Internet service providers, he said.
“By furnishing this threat intelligence, we are able to help strengthen these companies’ existing cyber defenses,” Lynn said.
Lynn didn’t name the country suspected to have been the origin of the March attack. Officials in the past have often blamed China. Lynn didn’t say whether the March attack was sponsored by a foreign government or the work of criminal hackers.
To contact the reporter on this story: David Lerman in Washington at Dlerman1@bloomberg.net.