Home / Blogs

Pentagon Reveals Largest Ever Loss of Defense Data in Cyberattack

The Associated Press published an article today that the Pentagon revealed that earlier this year, they suffered one of its largest ever loss of sensitive data to a foreign government by a cyberattack. From the article:

The Pentagon on Thursday revealed that in the spring it suffered one of its largest losses ever of sensitive data in a cyberattack by a foreign government. It’s a dramatic example of why the military is pursuing a new strategy emphasizing deeper defenses of its computer networks, collaboration with private industry and new steps to stop “malicious insiders.”

William Lynn, the deputy secretary of defense, said in a speech outlining the strategy that 24,000 files containing Pentagon data were stolen from a defense industry computer network in a single intrusion in March. He offered no details about what was taken but said the Pentagon believes the attacker was a foreign government. He didn’t say which nation.

“We have a pretty good idea” who did it, Lynn said in an interview before the speech. He would not elaborate.

Okay, then I’ll speculate. It was China.

The Pentagon has long worried about the vulnerability of its computer systems. The concern has grown as the military becomes more dependent not only on its own computers but also on those of its defense contractors, including providers of the fuel, electricity and other resources that keep the military operating globally.

At his Senate confirmation hearing last month, new Defense Secretary Leon Panetta cited “a strong likelihood that the next Pearl Harbor” could well be a cyberattack that cripples the U.S. power grid and financial and government systems. He said last weekend that cybersecurity will be one of the main focuses of his tenure at the Pentagon.

It’s hard to say what’s right and what’s wrong. On the one hand, the Secretary of Defense says that the cyberwar is very real. On the other hand, the cyberczar Howard Schmidt said that there is no cyberwar and instead government needs to focus its efforts to fight online crime and espionage (read my post about this here).

Is Panetta right? Are we headed for a future electronic Pearl Harbor? Or is this an incoming government bureaucrat who is trying to secure funding for his department and therefore overplaying his hand?

In [vice-Chairman of the Joint Chiefs of Staff, Marine General James]Cartwright’s view, a largely defensive approach to the problem is inadequate. He said the Pentagon currently is focused 90 per cent on defensive measures and 10 per cent on offence; the balance should be the reverse, he said. For the federal government as a whole, a 50-50 split would be about right, Cartwright argued.

“If it’s OK to attack me and I’m not going to do anything other than improve my defenses every time you attack me, it’s difficult” to stop that cycle, Cartwright said.

Hmm, so the military believes that they must shift to an offensive strategy, eh? Just like football, the best defense is a good offense? If you’re a boxer and all you are doing is taking punches and absorbing hits, eventually you are going to get tired and bruised and fall over. To weaken your enemy, you need punch back and hurt your opponent so he stops hurting you, and spends more time defending your blows rather than landing his own.

Of course, this assumes that the United States is spending no time of its own doing their own military espionage. I was reading an article somewhere that the US was complaining about being probed by China’s cyber spies. The interviewer then asked the security expert “Doesn’t the US do any snooping of its own into China’s network?” The expert then said (and I paraphrase very loosely) “Probably.”

I’m pretty sure that the Chinese aren’t doing anything that probably every other government is doing in some shape or fashion. Western governments for years have launched covert operations against enemy countries to gather intelligence. Why wouldn’t they do the same thing now and do it high tech? And then claim that they are being hit all the time by the Chinese? It’s a great way to misdirect from your own subterfuge while drumming up support for a motive to do it to the other guys. And then, even if you get caught doing it, you already have public support on your side!

That’s what I’d do if I were in charge.

By Terry Zink, Program Manager

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix


Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global