A foreign intelligence service stole 24,000 files from a US defense contractor earlier this year, a dramatic illustration of the threat confronting the Pentagon as it works to bolster military computer security, a top US defense official said on Thursday.
US Deputy Defense Secretary William Lynn revealed the theft as he unveiled a new Pentagon cybersecurity strategy that designates cyberspace as an “operational domain” like sea, air and land where US forces will practice, train and prepare to defend against attacks.
Lynn said the theft occurred in March and was believed to have been carried out by a foreign intelligence service and targeted files at a defense contractor developing weapons systems and defense equipment. He declined to specify the country behind the attack, what company was hit or what the files contained.
“It was 24,000 files, which is a lot,” Lynn said. “But I don’t think it’s the largest we’ve seen.”
The theft was a dramatic illustration of the rising difficulties the Pentagon faces in protecting military and defense-related networks critical to US security.
US Defense Department employees operate more than 15,000 computer networks and 7 million computers at hundreds of installations around the world. The department’s networks are probed millions of times a day and penetrations have compromised huge amounts of data.
Lynn said a recent estimate pegged economic losses from theft of intellectual property and information from government and commercial computers at more than US$1 trillion.
In addition to calling for the Pentagon to treat cyberspace as an “operational domain,” Lynn said the new strategy includes four initiatives aimed at bolstering network security by layering defenses and improving cooperation with other network operators.
Lynn said as part of its active defenses, the Pentagon would introduce new operating concepts and capabilities on its networks, such as sensors, software and signatures to detect and stop malicious code before it affects US operations.
“Our strategy’s overriding emphasis is on denying the benefit of an attack,” he said in a speech at the National Defense University. “If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place.”
The strategy also calls for greater US military cooperation on cybersecurity with other government agencies, defense contractors and US military allies abroad in order to take advantage of the open, interwoven nature of the Internet.
Former Homeland Security Secretary Michael Chertoff, who now heads the Chertoff Group risk management firm, praised the strategy as a “good first step,” but said the challenge would be filling in the details.
“It’s not put your pencil down, work is done,” he said. “It really just sets the table for a lot of hard work thinking through the details of what the plans are going to be, what the capabilities have to be and how we’re going to build the various layers of defense.”
He cited the possibility of creating secure communities on the Internet for some functions, finding ways to encourage individuals to practice computer security and sharing security-related information more widely between public and private sectors.
“These are going to be hard things to do because they are going to require trade-offs,” Chertoff said. “You’re not going to eliminate the risk of cyberattacks. What you have to do is minimize and manage those risks.”
Vice Chairman of the Joint Chiefs of Staff General James Cartwright said the Pentagon must shift its thinking on cybersecurity from focusing 90 percent of its energy on building better firewalls and only 10 percent on preventing hackers from attacking US systems.
“If your approach to the business is purely defensive in nature, that’s the Maginot line approach,” he said, referring to the French fixed defensive fortifications that were circumvented by the Nazis at the outset of World War II.
“If it’s OK to attack me and I’m not going to do anything other than improve my defenses every time you attack me, it’s very difficult to come up with a deterrent strategy,” he said.
Cartwright said that part of the answer was to build up the military’s offensive response capabilities.
“How do you build something that convinces a hacker that doing this is going to be costing them and if he’s going to do it, he better be willing to pay the price and the price is going to escalate, rather than his price stays the same and ours escalates,” Cartwright said. “We’ve got to change the calculus.”
Republican US lawmakers on Friday criticized US President Joe Biden’s administration after sanctioned Chinese telecoms equipment giant Huawei unveiled a laptop this week powered by an Intel artificial intelligence (AI) chip. The US placed Huawei on a trade restriction list in 2019 for contravening Iran sanctions, part of a broader effort to hobble Beijing’s technological advances. Placement on the list means the company’s suppliers have to seek a special, difficult-to-obtain license before shipping to it. One such license, issued by then-US president Donald Trump’s administration, has allowed Intel to ship central processors to Huawei for use in laptops since 2020. China hardliners
A top Vietnamese property tycoon was on Thursday sentenced to death in one of the biggest corruption cases in history, with an estimated US$27 billion in damages. A panel of three hand-picked jurors and two judges rejected all defense arguments by Truong My Lan, chair of major developer Van Thinh Phat, who was found guilty of swindling cash from Saigon Commercial Bank (SCB) over a decade. “The defendant’s actions ... eroded people’s trust in the leadership of the [Communist] Party and state,” read the verdict at the trial in Ho Chi Minh City. After the five-week trial, 85 others were also sentenced on
‘DELUSIONAL’: Targeting the families of Hamas’ leaders would not push the group to change its position or to give up its demands for Palestinians, Ismail Haniyeh said Israeli aircraft on Wednesday killed three sons of Hamas’ top political leader in the Gaza Strip, striking high-stakes targets at a time when Israel is holding delicate ceasefire negotiations with the militant group. Hamas said four of the leader’s grandchildren were also killed. Ismail Haniyeh’s sons are among the highest-profile figures to be killed in the war so far. Israel said they were Hamas operatives, and Haniyeh accused Israel of acting in “the spirit of revenge and murder.” The deaths threatened to strain the internationally mediated ceasefire talks, which appeared to gain steam in recent days even as the sides remain far
RAMPAGE: A Palestinian man was left dead after dozens of Israeli settlers searching for a missing 14-year-old boy stormed a village in the Israeli-occupied West Bank US President Joe Biden on Friday said he expected Iran to attack Israel “sooner, rather than later” and warned Tehran not to proceed. Asked by reporters about his message to Iran, Biden simply said: “Don’t,” underscoring Washington’s commitment to defend Israel. “We are devoted to the defense of Israel. We will support Israel. We will help defend Israel and Iran will not succeed,” he said. Biden said he would not divulge secure information, but said his expectation was that an attack could come “sooner, rather than later.” Israel braced on Friday for an attack by Iran or its proxies as warnings grew of