It’s been a month of bad news for federal security. First came a report that the U.S. electricity grid was hacked (but no damage observed). Then Pentagon officials said that a breach had cost $100 million. Then, earlier this week, came reports that data on the Air Force’s most modern fighter aircraft, the Lockheed Martin F-35, had been lost in a breach.
Officials at Lockheed Martin and the DoD denied a breach but did admit that their systems are under constant attack. “We don’t comment on alleged or actual cyber infiltrations, potential impacts to DoD operations, or any possible investigations, for obvious security reasons (i.e., any information on potential success or failure may assist an attacker). I can say that DoD systems are probed daily,” wrote Lt. Col. Eric Butterbaugh, a DoD spokesperson, to InternetNews.com.
The constant attacks demand vigilance, he wrote. “We take all threats seriously, defending in-depth every day. The threat comes in many forms — including recreational hackers, self-styled cyber-vigilantes, groups with nationalistic or ideological agendas, transnational actors, and nation-states. We aggressively monitor our networks for intrusions and have appropriate procedures to address these threats.”
Lockheed Martin’s CFO Bruce Tanner said that his company experiences the same level of attacks. “Like the government, these attacks on our systems are continuous and we do have stringent measures in place to both detect and stop these attacks,” he said.
The news comes as a federal cybersecurity review report was due to be delivered President Obama. The review, which began on or around February 10, 2009, was supposed to take 60 days. “After the president has had an opportunity to carefully review the group’s report, we will begin discussing the results,” White House Press Secretary Robert Gibbs said in a statement.
Rethinking cybersecurity
The U.S. military is also re-thinking its approach to cybersecurity. In an important speech on April 6, 2009 outlining budget priorities, Defense Secretary Robert Gates said that the Pentagon must train 250 cyber experts each year by 2011, up from 80 per year now.
The need became more apparent this week after a Wall Street Journal article said that computer spies had stolen data from “the Defense Department’s costliest weapons program ever”. Representatives from the Department of Defense and from Lockheed Martin (NYSE: LMT) denied the report. A spokesman for the DoD said they were unaware of any breach, and Lockheed Martin’s Tanner said the same on the company’s earnings call.
Although neither Lockheed Martin nor the government can discuss security, Tanner said, “We believe the Wall Street Journal was incorrect in its representation of successful cyber attacks on the F-35 program. I’ve not heard of that and to my knowledge and to our knowledge there’s never been any classified information breach.”
Tanner said that he expects cybersecurity to be a huge market in the future for Lockheed Martin. He said that the market could be worth billions of dollars.
“This is not the anti-virus Internet protection sorts of things you would buy going down to your computer retail store,” he said. “This is very sophisticated, very redundant capabilities.”
Tanner added that Lockheed Martin already has plenty of cybersecurity experience. “We provide, and have provided it for a number of years to a number of U.S. government customers and I think that sets us up nicely going forward.”
He warned financial analysts that they would not see specific dollar amounts in contracts, as they are accustomed to seeing with military hardware, because spending requests for cybersecurity are made in changes in specifications and requirements for ongoing programs rather than in contracts for the purchase of specific applications.