We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 

24,000 Pentagon Files Stolen in Major Cyberattack

DOD discloses it was hit by a major cyberattack in March as it outlines new Strategy for Operating in Cyberspace initiative.

The Department of Defense says it was hit by a cyberattack by a "foreign intelligence service" that managed to pilfer 24,000 sensitive files.The attack, which occurred in March, was perpetrated by an unnamed "nation state," according to Deputy Defense Secretary William J. Lynn III. Lynn who disclosed the breach during a speech Thursday outlining the Pentagon's new cyber strategy for dealing with cyber-breaches.

The Washington Post reports that the files were stolen from a defense contractor. Lynn did not name the "nation state" involved, nor did he disclose the nature of the files that were stolen. The admission of the breach appears to be nothing more than a justification of the Department of Defense's new "Strategy for Operating in Cyberspace" (PDF).

The new strategy, outlined in the afore-linked 19-page document, has five "strategic initiatives," or "goals."

1. Treat cyberspace as an "operational domain" with specially organized, trained, and equipped forces.

2. Employ new defense operating concepts to protect DoD networks and systems.

3. Partner with other U.S. government departments to enable a "whole-of-government" cybersecurity strategy.

4. Build relationships with U.S. allies and international partners.

5. Recruit, educate, and train "the nation's ingenuity" to help improve cybersecurity.

Under the new cybersecurity guidelines, a cyberattack could be considered an act of war, and warrant a "proportional and justified military response at the time and place of its choosing," Lynn said. Of course, for a cyberattack to be considered an act of war, it must bring effects comparable to those brought about in a more traditional act of war--massive damage, massive human losses, or significant economic damages.

"It would be in those circumstances that I think the President would consider all the tools he has--economic, diplomatic, and as a last resort, military," Lynn said.

This is far from the first discussion of cyberattacks as acts of war--in fact, hacktivist group LulzSec is largely a product of the initial reports that the Department of Defense planned to take a more serious approach to hacking. In one of LulzSec's first appearances, the hacking group claimed it hacked and defaced the web site of the Atlanta chapter of InfraGard, an organization affiliated with the FBI, in response to NATO and President Obama's "upping the stakes."

Lynn also noted that, over the past few years, "all manner of data has been stolen," from the mundane to the incredibly sensitive, including "aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols" by "foreign intruders from corporate networks of defense companies."

In other words, it looks like two things are true: first, the U.S. government seriously needs to put the cyber-lockdown on its data, and second, LulzSec totally misinterpreted the initial push--the DoD never really cared about Anonymous and LulzSec and 16-year-old hackers with nothing to do (until now, that is).

Follow Sarah on Twitter (@geeklil) or on Facebook

IDG UK Sites

Samsung Galaxy Note 4 release date, price and specs 2014

IDG UK Sites

iOS 8 features wishlist: the changes iPhone and iPad users want in Apple's iOS 8

IDG UK Sites

25 Years of the World Wide Web: Happy Birthday, Intenet

IDG UK Sites

Developers get access to more Sony camera features