Pentagon says hackers accessed 24,000 files
WASHINGTON - The Pentagon revealed yesterday it suffered one of its largest losses ever of sensitive data this spring in a cyberattack by a foreign government. It is a dramatic example of why the military is pursuing a new strategy emphasizing deeper defenses of its computer networks, collaboration with private industry, and new steps to stop “malicious insiders.’’
William Lynn, the deputy secretary of defense, said in a speech outlining the strategy that 24,000 files containing Pentagon data were stolen from a defense industry computer network in a single intrusion in March. He offered no details about what was taken but said the Pentagon believes the attacker was a foreign government. He did not say which nation.
“We have a pretty good idea’’ who did it, Lynn said before the speech. He would not elaborate.
Many cyberattacks in the past have been blamed on China or Russia. One of the Pentagon’s fears is that eventually a terrorist group, with less at stake than a foreign government, will acquire the ability to penetrate US computer networks to steal data and to attack them in ways that damage US defenses or cause deaths.
In his speech at the National Defense University, Lynn said that sophisticated computer capabilities reside almost exclusively in states and that US military power is a strong deterrent against overtly destructive cyberattacks. Terrorist groups and rogue states, he said, are harder to deter.
“If a terrorist group gains disruptive or destructive cybertools, we have to assume they will strike with little hesitation,’’ he said.
The Pentagon has long worried about the vulnerability of its computer systems. The concern has grown as the military becomes more dependent not only on its own computers but also on those of its defense contractors, including providers of the fuel, electricity, and other resources that keep the military operating.
At his Senate confirmation hearing last month, new Defense Secretary Leon Panetta cited “a strong likelihood that the next Pearl Harbor’’ could well be a cyberattack that cripples the US power grid and financial and government systems. He said last weekend that cybersecurity will be one of the main focuses of his tenure at the Pentagon.
Lynn said intrusions in the last few years have compromised some of the Pentagon’s most sensitive systems, including surveillance technologies and satellite communications systems. Such penetrations of defense industry networks have been targeting a wide swath of military hardware, including missile tracking systems and drone aircraft, he said.
The strategy unveiled by Lynn is oriented toward defensive rather than offensive measures. It calls for developing more resilient computer networks so the military can continue to operate if critical systems are breached or taken down. It also says the Pentagon must improve its workers’ cyber “hygiene’’ to keep viruses and other intrusions at bay. And it calls for fuller collaboration with other federal agencies, companies, and foreign allies.