http://www.nytimes.com/2011/07/15/world/15cyber.html

July 14, 2011

Hackers Gained Access to Sensitive Military Files

By THOM SHANKER and ELISABETH BUMILLER

WASHINGTON -- The Defense Department suffered one of its worst digital attacks in history in March, when foreign hackers broke into the computers of a corporate contractor and obtained 24,000 sensitive Pentagon files during a single intrusion, senior officials said on Thursday.

The disclosure came as the Pentagon released a strategy for military operations in cyberspace, embodying a belief that traditional passive programs for defending Pentagon data systems are insufficient in an era when espionage, crime, disruptions and attacks are increasingly carried out over the Internet.

In releasing the strategy, William J. Lynn III, the deputy defense secretary, disclosed that over the years "crucial" files stolen from defense industry data networks have included plans for missile tracking systems, satellite navigation devices, unmanned surveillance drones and top-of-the-line jet fighters.

Some of the stolen data was mundane, and included plans for small parts of tanks, airplanes and submarines, he said.

"But a great deal of it concerns our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems and network security protocols," Mr. Lynn disclosed.

Pentagon and administration officials declined to identify the military contractor whose data system was compromised in the March attack. They also refused to name the nation they suspected was the culprit, saying that any accusation was a matter of official, if confidential, diplomatic dialogue.

However, when major intrusions against computers operated by the Pentagon or military contractors have occurred in the past, officials have regularly blamed China, and sometimes Russia. Even so, it remains unknown whether the attacks were officially sponsored by those governments or were the work of industrial competitors or criminal hackers operating from inside those nations.

"Current countermeasures have not stopped this outflow of sensitive information," Mr. Lynn said during a speech at the National Defense University. "We need to do more to guard our digital storehouses of design innovation."

The Pentagon's new strategy, which is the final official piece of a larger effort launched by the Obama administration to defend computer networks operated by the government and the private sector, calls for actively looking for attackers on the Internet rather than waiting for an intruder to attack. "You have to hunt on your own networks," Mr. Lynn said. He stressed the importance of cooperation with foreign partners to spot computer-network threats before they try to crack systems in the United States.

The military's new Cyber Command was ordered to prepare for defensive and offensive operations on computer networks. Officials confirmed that the command has computer programs to carry out offensive operations in cyberspace if it is so ordered by the president.

Though for now the strategy is centered on how the United States can defend itself against an attack, Gen. James Cartwright, the vice chairman of the Joint Chiefs of Staff, said the Pentagon had to focus on offense -- including the possibility of responding to a cyber attack with military action.

"If it's O.K. to attack me and I'm not going to do anything other than improve my defenses every time you attack me, it's very difficult to come up with a deterrent strategy," General Cartwright told reporters on Thursday.

He said that American military commanders were now devoting 90 percent of their attention to building better firewalls and only 10 percent to ways of keeping hackers from attacking in the first place. He said a better strategy for the Pentagon would be the reverse, focusing almost entirely on offense.

The Pentagon, he said, needs a strategy "that says to the attacker, if you do this, the price to you is going to go up, and it's going to ever escalate." He added that right now "we're on a path that is too predictable -- it's purely defensive, there is no penalty for attacking right now."

Officials say the main challenge for the United States in mounting a cyber counterattack is determining with certainty who is attacking. The Internet makes it relatively easy for an online assailant to mask his or her identity, even if the geographic location where the attack originated can be confirmed.

Mr. Lynn said most major efforts to probe and penetrate sensitive computer networks were still being mounted by large rival nations, and were focused more on espionage than sabotage.

"U.S. military power offers a strong deterrent against overtly destructive attacks," he said. "Although attribution in cyberspace can be difficult, the risk of discovery and response for a major nation is still too great to risk launching destructive attacks against the United States."

However, he warned that the technical expertise needed to carry out harmful Internet raids was certain to migrate to smaller rogue states and to nonstate actors, in particular terrorist organizations.

If a terrorist group obtains "disruptive or destructive cyber tools, we have to assume they will strike with little hesitation," Mr. Lynn said.