July 14th, 2011
06:35 PM ET

Pentagon reveals cyber attack on U.S. industry as it unveils new strategy

The Pentagon hammered home its new cyber policy Thursday by revealing a large, previously secret electronic attack on a U.S. defense contractor.

"In a single intrusion this March, 24,000 files were taken," Deputy Defense Secretary William Lynn said at the release of an unclassified version of the new strategy to defend the U.S. military networks and critical national infrastructure.

"It is a significant concern that over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies," Lynn said, adding that the March attack was the latest in a series of escalating attacks over the past five or six years.

He carefully avoided specifics of the March attack and would not reveal which company was hit - or which country was to blame. "It was large, it was done, we think, by a foreign intelligence service - a nation-state was behind it," Lynn, the number-two official at the Pentagon, said during a speech and questions at the National Defense University.

This "digital thievery," according to Lynn, is interested in the most advanced weapons in the U.S. arsenal. "Cyber exploitation being perpetrated against the defense industry cuts across a wide swath of crucial military hardware, extending from missile tracking systems and satellite navigation devices to UAVs (Unmanned aerial vehicles) and the Joint Strike Fighter," Lynn said.

The Pentagon carefully emphasized the defensive parts of its new strategy. "Our first goal is to prevent war," Lynn said.

But the new plan also makes clear that, if necessary, the United States will fight back. "The United States is prepared to defend itself," Lynn said. "Just as our military organizes to defend against hostile acts from land, air and sea, we must also be prepared to respond to hostile acts in cyberspace," he said. And that response could include what he called "a proportional and justified military response at the time and place of our choosing."

A central challenge is to identify if and when a cyber attack would constitute an act of war, to prompt military action. "An act of war, at the end of the day, is in the eyes of the beholder," Joint Chiefs Vice Chairman, General James Cartwright said at the same rollout of the cyber strategy.

In addition to reliance on civilian power, communications and other critical civilian infrastructure networks, the Pentagon has a huge amount of electronic gear to protect - 15,000 networks, and 7 million computers around the world. The WikiLeaks release of hundreds of thousands of military and diplomatic cables dramatically illustrated the inside-job vulnerability of Defense Department computers. And federal officials say that in 2008 a foreign intelligence agency penetrated its classified computer system.

Both Cartwright and Lynn stressed that there still is catching up to do as new technology and new vulnerabilities require new legislation and regulation.

And Lynn warned that threats will only worsen and become more sophisticated as rogue states and terrorists gain new cyber tools.

"The more malicious actors have not yet obtained the most harmful capabilities," Lynn said. "But this situation will not hold forever. There will eventually be a marriage of capability and intent, where those who mean us harm will gain the ability to launch damaging cyber attacks."

Post by:
Filed under: Homeland Security • Military • Terrorism
soundoff (19 Responses)
  1. Bill Mitchell

    A DIRECT attack on China as retribution is not needed. What would be nice is to 'arrange' for one of their initiatives such as nuclear or biological warfare to have a tragic 'accident' on THEIR home soil.

    July 15, 2011 at 2:03 pm | Reply
  2. dale

    I have a feeling with the economy the way it is, there are people in the Pentagon and defense contractors are hurting for money, and they are selling us down the river to China.

    July 15, 2011 at 1:32 pm | Reply
  3. Tom Story

    give the "black-hats" two weeks notice to surrender themselves.

    at the two week line anyone caught where they shouldn't be goes straight to jail and court, is branded a terrorist.

    which is a simple course for the jury – guilty; life imprisonment. nuff said, and the next one – mirror the first one.

    when the it begins to sink in, that's when we'll have the attention of world – and then, maybe, there won't be this problem any longer – we can then focus on countries in the same manner.

    July 15, 2011 at 12:34 pm | Reply
    • china sucks

      Next time this happens we should attack chinas navy to show them who's boss and set back their plans for decades.

      July 15, 2011 at 1:01 pm | Reply
  4. cybermaniac

    first of all, USA needs to invest on its own country... Main 2 things are Millitary and Cybersecurity for its own country, not to showoff to other countries what power we have.. We thousands of IT Peoples in this Country..but what's the funny thing, America has to work first with the BlackHats and not WhiteHats, Whitehats are clueless IT peoples, Blackhat are cyber scientist, you ever wonder why, Blackhats always finds the holes to brake in the systems, America will succeed more with BlackHats then WhiteHats.
    How comes the point one stupid chinese or asian attacks Pentagon and manages to steal data, it shows enough that the Cybersecurity of this country sucks bad time... thats what happening when America first focuses to stabilizes somebodies else problem and not its own.
    I hope people agrees with my idea and comment,

    July 15, 2011 at 11:33 am | Reply
    • Tools & Widgets

      What makes you so arrogant to think they don't already do this?

      July 15, 2011 at 11:52 am | Reply
      • cybermaniac

        what makes me thing? reality makes me thing dude! reality shows, for damn 8 years Mr.Bush didnt do jack shit , now Obama needs to put everything on its feets, and now the goverment pays for it, and the way they do it, they don't do it quickly, its not easy but you know what? no time to waste because this what's happening to us,

        July 16, 2011 at 6:33 pm |
    • Creag Antuirc

      May we reasonably assume you weren't born in Akron?

      July 15, 2011 at 11:52 am | Reply
    • susan

      Protection from this starts with yourselves... always someone else to blame. That's the left wing extremist attitude for ya.

      July 15, 2011 at 12:28 pm | Reply
      • susan

        Btw... I think we should blame Bush for this too.

        July 15, 2011 at 12:31 pm |
  5. BobinCal

    I can't believe that information about "the most advanced weapons in the U.S. arsenal" are not stored on secure servers and encrypted.

    July 15, 2011 at 10:55 am | Reply
    • dale

      If that information was not encrypted, there are some people who need to go to jail.

      July 15, 2011 at 1:28 pm | Reply
  6. rtrauben

    sounds like the defense industry needs to invest in itself or the things it sells will be worthless and useless.

    July 15, 2011 at 10:14 am | Reply
  7. petercha

    China at work again.

    July 15, 2011 at 9:46 am | Reply
  8. ConernedNetizen

    Goodstuff, I agree. "Living with Terror" implies we have given up all hope of living normally again. "Terror" is a crime of an emotion. Crime is an illusory artifact of societal inequity, and its ongoing existence is further proof of our failure to address growing disparities in Quality of Life..

    July 15, 2011 at 9:21 am | Reply
  9. Goodstuff

    This "blog" is hilariously bad.

    "Living with Terror" tab? Really? I expect this kind of sensationalist nonsense from Foxnews but I thought CNN was a little more grown up. "Living with Terror", unless you are describing the day to day life of someone who actually lives within the sunken city of R'lyeh in a perpetual state of paralyzing horror that one day Cthulhu might awaken, the title is just hyperbole.

    July 15, 2011 at 8:37 am | Reply
  10. James

    Why isn't this article in the main stream of CNN articles? Why is it being hidden?

    July 15, 2011 at 12:32 am | Reply

Post a comment


CNN welcomes a lively and courteous discussion as long as you follow the Rules of Conduct set forth in our Terms of Service. Comments are not pre-screened before they post. You agree that anything you post may be used, along with your name and profile picture, in accordance with our Privacy Policy and the license you have granted pursuant to our Terms of Service.