Saturday, September 20, 2014

The Weakest Link


Nations protect their secrets
and have intelligence agencies to protect those secrets and winkle out the secrets of others. When you are trying to pry out another's secrets behind their defenses, you go for the weakest link. In this country the weakest link is also the most expensive, defense contractors.
The Chinese government has frequently hacked into the computer systems of defense contractors for the U.S. Transportation Command, the Pentagon agency responsible for deploying American troops and military equipment worldwide.

A bipartisan Senate investigation found that in one year, from June 1, 2012, through May 31, 2013, the Chinese government had gained access to sensitive U.S. defense logistics information at least 20 times, but that the Transportation Command, known as TRANSCOM in military circles, was aware of only two of the security breaches.

“These peacetime intrusions into the networks of key defense contractors are more evidence of China’s aggressive actions in cyberspace,” said Sen. Carl Levin, a Michigan Democrat who chairs the Senate Armed Services Committee, which conducted the probe.

“Our findings are a warning that we must do much more to protect strategically significant systems from attack and to share information about intrusions when they do occur,” Levin said.

Richard Bejtlich, chief security strategist for FireEye, a cybersecurity firm based in Milpitas, Calif., said his company tracks three dozen hacking groups that it traces to Chinese military, intelligence or other government agencies.

“They’re the worst in terms of scope,” Bejtlich told McClatchy. “They’re hitting the most number of targets, and they are the most aggressive. When you kick them off a system, they’ll try to get back on the next day.”

The Senate investigation found that the FBI knew of about half of the 20 cyberattacks on the defense contractors but had not informed the contractors or TRANSCOM of most of them.

“Cyber-intrusions into operationally critical contractors pose a threat to defense operations,” the Senate report said. “It is essential that potentially affected commands such as TRANSCOM be aware of such intrusions so that they can take steps to mitigate the threat.”

Among the examples provided, the probe found that between 2008 and 2010, one TRANSCOM contractor “was compromised by the Chinese military, who stole emails, documents, user accounts, passwords and even source code.”
Profit is a powerful motive to turn good security into merely good enough as long as it keeps expenses down.

Comments:

Post a Comment

Subscribe to Post Comments [Atom]





<< Home

This page is powered by Blogger. Isn't yours?

Subscribe to Posts [Atom]