Defense Archives

The Pentagon and the Homeland Security Department are aiding Defense contractor Lockheed Martin Corp. on an investigation into a cyber attack that reportedly infiltrated the firm's security networks, federal officials said Saturday night.

"DoD is aware of a cyber incident impacting Lockheed Martin and, together with the Department of Homeland Security, is working with the company in determining the extent of the incident," Pentagon spokeswoman Lt. Col. April Cunningham said. "Impact to DoD is minimal and we don't expect any adverse effect."

In the past, the Defense' Cyber Crime Center has been responsible for heading probes into intrusions on .mil networks and systems in the defense industrial base, which includes Lockheed. Homeland Security has focused on helping civilian agencies and commercial companies assess cyber events, such as the recent Sony PlayStation network breach.

But, increasingly, the Pentagon and Homeland Security have been sharing cyber experts, tools and privacy officers, to respond to cyberattacks against government contractors, including one disclosed in March that hit security firm RSA. In that incident, perpetrators compromised a system containing information on RSA-manufactured "SecurID" digital credentials used by many federal employees and contractors.

According to Reuters, which first reported the Lockheed incident on Friday, unidentified hackers "breached [Lockheed] security systems designed to keep out intruders by creating duplicates to SecurID electronic keys," according to one person who was not authorized to publicly discuss the matter. The offenders learned how to copy the security keys with data stolen during the RSA attack, the Reuters story said.

At the time, RSA Executive Chairman Art Coviello announced through a message on the company's website that the data stolen could potentially be used to weaken the security of SecurID devices "as part of a broader attack."

As a matter of policy, Homeland Security and military officials declined to comment on the operations underway to stem damage at Lockheed.

DHS and Defense officials have "been in contact with the company to offer assistance in determining the extent of the incident, performing analysis of available data in order to provide recommendations to mitigate further risk," Homeland Security spokeswoman Amy Kudwa said.

Lockheed officials did not immediately respond to a request for comment.

The Defense Department organization charged with cyber combat is reinforcing military networks by moving much of DoD's computing to a space many civilian agencies view as insecure - the cloud. Cloud computing is the practice of storing and accessing applications in a shared online environment, instead of on in-house servers.

U.S. Cyber Command chief Gen. Keith Alexander told lawmakers on Wednesday the following:

"The idea is to reduce vulnerabilities inherent in the current architecture and to exploit the advantages of cloud computing and thin-client networks, moving the programs and the data that users need away from the thousands of desktops we now use--up to a centralized configuration that will give us wider availability of applications and data combined with tighter control over accesses and vulnerabilities and more timely mitigation of the latter."

The White House has been pressing agencies to outsource information technology services to the Web as a way of phasing out the federal government's more than 2,000 expensive, energy-sucking data centers. But many federal managers are fearful of losing their data in the cloud. What happens in the event of an online outage or if the communal, off-site servers storing their programs are hacked?

Alexander's explanation as to why the cloud will offer Defense good defense:

"This architecture would seem at first glance to be vulnerable to insider threats -- indeed, no system that human beings use can be made immune to abuse -- but we are convinced the controls and tools that will be built into the cloud will ensure that people cannot see any data beyond what they need for their jobs and will be swiftly identified if they make unauthorized attempts to access data."

The need for public safety agencies to have interoperable radios is well-documented. But for Customs and Border Protection, their legacy communications infrastructure is so antiquated that in some cases they are buying parts through the online auction site eBay.

That's according to John Santo, executive director of the CBP's wireless systems program office, part of the Homeland Security Department. Santo was discussing interoperability at a forum sponsored by the Federal Communications Commission Friday.

Nonetheless, he said having been in law enforcement for more than 30 years, he is "really encouraged by the momentum that's growing around" have interoperability standards.

Construction began Thursday on a massive data center in Utah for the National Security Agency as part of the government's program to better protect its computer networks from cyber attacks.

The $1.2 billion contract for the project was awarded in September 2010 and will consist of a 1 million-square-foot facility south of Salt Lake City to support the intelligence community in providing foreign intelligence about cybersecurity threats and protecting Defense Department networks.

Ground was broken Thursday for the project, located inside Camp Williams, a Utah National Guard base near Lehi, Utah. Grading work is already underway for the center which will be capable of generating its own power and will have fuel and water storage, the Deseret News reported.

The construction is expected to bring 5,000 to 10,000 jobs to Utah and will be finished in October 2013, The Salt Lake Tribune reported.

The Armed Services -- particularly the Navy and Marine Corps -- made the best use of Facebook in 2010 among government agencies, according to a new survey.

Facebook's Washington office in late December 2010 asked a handful of social media experts and fans on three Facebook pages (Congress on Facebook, U.S. Politics on Facebook, and Government on Facebook ), for their thoughts on which politicians and government agencies were the most Facebook savvy.

Respondents praised the Navy for posing interactive questions and responding regularly to wall comments. And they commended the Marine Corps for having close to 1 million followers, which is the most of any military branch.

Fans gave honorable mention to the Environmental Protection Agency; Veterans Affairs Department; and the Disability.gov page, which the Labor Department's Office of Disability Employment Policy administers.

Meanwhile, in a separate survey about Twitter, Washington Post readers rated NASA as their favorite government user.

A Christmas e-card that claimed to be from the White House spread something other than cheer this past holiday season. The card actually continued a virus that stole documents from the computers of unsuspecting users.

The card, sent to an unknown number of people, many believed to be in government, was signed from the Executive Office of the President. Recipients who clicked on the link and opened the card.zip file caught a Zeus Trojan virus that snatched documents and passwords and uploaded the data to a server in Belarus, Network World reported on Monday.

The spoof stole more than 2 gigabytes of documents in Microsoft Word, Excel and PDF format, according to security expert Brian Krebs in a blog post.

Krebs said one of the victims was an employee at the National Science Foundation's Office of Cyber Infrastructure and the documents collected included hundreds of NSF grant applications for new technologies and scientific approaches. Another victim was an intelligence analyst in the Massachusetts State Police, whose documents might have recently received top-secret clearance.
For those tech geeks out there, Network Forensics has the coding of the virus on its blog.

Video game consoles are now more than just for fun. An Air Force supercomputer, built from off-the-shelf components, includes 1,716 PlayStation 3 game consoles.

The machine, known as the Condor Cluster, is estimated to be one of the greenest computers in the world. And if that wasn't enough, it also is the 35th or 36th fastest computer in the world, said Mark Barnell, director of high performance computing and the Condor Cluster project at the Air Force Research Laboratory, reported Government Computer News.

One of the main reasons to use PS3 processors was cost. Condor cost about $2 million to build, compared to $50 million to $80 million for a similar supercomputer, the Air Force said in a news release.

The computer also can read 20 pages of information per second, which makes it about 50,000 times faster than the average laptop, CNET reported.

Initial tasks for the machine, located in Rome, N.Y., include neuromorphic artificial intelligence research, in which programmers will teach the computer to read symbols, letters, words and sentences so it can fill in human gaps and correct human errors, CNET reported.

The Air Force is preventing personnel from accessing on their work computers more than 25 websites and blogs that have posted cables obtained by WikiLeaks.

When employees attempt to view The New York Times, Britain's The Guardian, Germany's Der Spiegel, Spain's El Pais, and other sites that posted the full, still-classified cables, the screen says "Access Denied: Internet usage is logged and monitored," the Wall Street Journal reported on Tuesday.

"News media websites will be blocked if they post classified documents from the WikiLeaks website," Lt. Col. Brenda Campbell, spokeswoman for the Air Force Space Command, which oversees the service's cyber systems, told the Times. "This is similar to how we'd block any other website that posted classified information."

According to the Times, only sites that post full documents will be blocked. Spokesmen for the other military services told the newspaper they have no plans to block the sites, because the Office of Management and Budget and Defense Department already distributed guidance reminding employees and contractors not to read classified information unless they have the appropriate clearance.

The new superintendent of the U.S. Naval Academy wants his campus to be a center for cybersecurity education. To help achieve that goal, the Annapolis, Md.-academy wants to build a $100 million building and have a slate of new cybersecurity classes.

Beginning with the class of 2015, an introductory cybersecurity class will replace a yet unnamed required course and Vice Adm. Michael H. Miller, expects the school to eventually produce graduates who specialize in cyberwarfare, The Baltimore Sun reported.

"It's an important part of my tenure here to get that project going forward," Miller, who started in August, told reporters last week, according to the newspaper.

The academy has not yet requested funding for the cybersecurity building, which Miller envisions as a secure collection of high-tech laboratories, and might first seek private donations.

The Air Force has issued a warning on its internal website to troops not to reveal their location through social media tools, such as Facebook.

The Associated Press reported Wednesday that the service is concerned about new features on sites such as Facebook and Foursquare that could show the enemy exactly where U.S. forces are located in war zones.

"Careless use of these services by airmen could have devastating operations security and privacy implications," read the warning, sent to senior commanders, according to AP. Commanders were asked to spread the word to troops.

The Army, which has the majority of the nearly 145,000 troops in Iraq and Afghanistan, intends to issue a similar warning next week.