Hackers Hit Defense Contractor Systems

Thursday, September 18, 2014 @ 05:09 PM gHale

Chinese government hackers were able to get into the systems of U.S. Transportation Command (TRANSCOM) contractors at least 20 times in a single year, a Senate Armed Services Committee investigation has found.

These intrusions show vulnerabilities in the military’s system for deploying troops and equipment in a crisis, the investigation said.


The year-long investigation found TRANSCOM, which is responsible for global movement of U.S. troops and equipment, was only aware of two of those intrusions. It also found gaps in reporting requirements and a lack of information sharing among government entities that left the command largely unaware of computer compromises of contractors that are key to the mobilization and deployment of military forces.

“We must ensure that cyber intrusions cannot disrupt our mission readiness,” said Senator Jim Inhofe, R-OK, the committee’s ranking member. “It is essential that we put into place a central clearinghouse that makes it easy for critical contractors, particularly those that are small businesses, to report suspicious cyber activity without adding a burden to their mission support operations.”

The committee investigation focused on a little-recognized but vital U.S. military asset: The ability to tap civilian air, shipping and other transportation assets to rapidly deploy U.S. forces in times of crisis. Through programs such as the Civil Reserve Air Fleet (CRAF), commercial transportation companies, some of whom do little or no CRAF-related business in peacetime, become key elements of TRANSCOM’s plans for moving troops and equipment around the world.

The committee found in a 12-month period beginning June 1, 2012, there were 50 intrusions or other cyber events into the computer networks of TRANSCOM contractors. At least 20 of those were successful intrusions attributed to an “advanced persistent threat.” All of those intrusions were at the hands of China, the report said.

Among the investigation’s findings:
• A Chinese military intrusion into a TRANSCOM contractor between 2008 and 2010 that compromised emails, documents, user passwords and computer code.
• A 2010 intrusion by the Chinese military into the network of a CRAF contractor in which documents, flight details, credentials and passwords for encrypted email were stolen.
• A 2012 Chinese military intrusion into multiple systems onboard a commercial ship contracted by TRANSCOM.

The investigation found significant gaps in information sharing regarding cyber intrusions. A committee survey of a small subset of TRANSCOM contractors discovered 11 intrusions by China into contractor networks. The investigation also found the FBI or the Department of Defense (DoD) were aware of at least nine other successful intrusions by China into TRANSCOM contractors. Of those 20 intrusions, TRANSCOM was only aware of two.

That gap was in part a result of contractors and TRANSCOM lacking a common understanding of what intrusions should be reported to TRANSCOM. Also, DoD agencies lack a clear understanding as to what information about cyber intrusions can and should be shared with TRANSCOM and other agencies within the Department.

The committee also found cyber intrusion reporting requirements focus on intrusions that affect DoD data. Some TRANSCOM contractors, such as several CRAF airlines, however, may do little or no business with the military until called upon in a crisis. Peacetime intrusions at those companies may not involve immediate loss of military information, but could leave those companies vulnerable to loss of information or disruption of operations when they get the call to activate to support military operations.

“Nation-states and crime syndicates are attacking us. It is just as important in today’s world to protect our country’s critical information systems and infrastructure as it is to protect sea lanes and foreign economic interests,” said Carl Wright, general manager of TrapX Security, and formerly CISO of the U.S. Marine Corps.
