Breach, Threat Management, Data Security, Incident Response, TDR

Chinese hackers breach 50 U.S. gov’t contractors’ systems in one year

Over the course of almost a year, Chinese hackers were able to target, attack and successfully penetrate government contractors' systems to steal sensitive information and, in one case, access systems onboard an American commercial ship.

The U.S. Senate Armed Services Committee spearheaded the release of the “Inquiry into Cyber Intrusions Affecting U.S. Transportation Command Contractors” report, which was released earlier this week, to determine whether the U.S. Transportation Command (TRANSCOM) was actually alerted of the breaches in its contractors' systems. In nearly all cases, TRANSCOM had no idea.

From June 1, 2012 to May 30, 2013, 50 successful intrusions were made into contractors' systems, and of those, 20 were attributed to an advanced persistent threat (APT). But that wasn't the most disconcerting finding, according to the report's executive summary.

“Of those APT-linked intrusions, TRANSCOM was made aware of only two, a troubling finding given the potential impact of cyber intrusions on defense information and operations,” the report said.

TRANSCOM manages the global movement of U.S. troops and equipment. Its stored information and systems particularly interest foreign governments during peaceful times, the report says, because it could allow them to unsuspectingly burrow into a computer network that would be essential in times of war.

Among the discovered incidents was one case in which the Chinese military infiltrated a TRANSCOM contractor between 2008 and 2010, allowing it to steal emails, documents, user passwords and computer codes. Another attack on the Civil Reserve Air Fleet gave the Chinese military documents, flight details, credentials and passwords for stolen encrypted emails.

However, the attacks themselves aren't especially newsworthy, says Carl Wright, general manager of TrapX Security and former CISO of the U.S. Marine Corps.

“More than anything, this is a reflection on the state of security as a whole,” he said in a Friday interview with SCMagazine.com. “Just like we read about Home Depot or Target or another Fortune 500 company having a devastating breach, we are now also reading about government organizations having the same problem.”

Commercial enterprises face daily threats to its security and data, and so does the government. The difference is that in this case, TRANSCOM wasn't protecting its data. It was at the mercy of government contractors. Whatever way contractors interpret cyber security or whatever measures they take to combat attackers is what TRANSCOM must accept, said Wright, but this shouldn't be the case.

Some protocols exist to set security standards and require contractors to report breaches directly to TRANSCOM, but more often than not, they are misinterpreted and not followed, Wright said. Information-sharing rules might prevent contractors from disclosing a breach, the report said, or the contractors might not know where information pertaining to TRANSCOM is stored in their systems, therefore they have no way to determine whether a breach affects pertinent TRANSCOM data.

But Wright sees these miscommunications as something that can be overcome, both by IT security professionals and their management.

IT security professionals need to remember that threats are ever-evolving, he said. “Just because we've deployed a specific capability into our data center to protect it against the threats we're facing today, doesn't mean it will be as effective next year or even tomorrow.”

As far as management, it needs to begin comprehending cyber threats and dedicating resources to training and helping security professionals. “It's one thing to understand it,” Wright said. “It's another to fund it.”

Ultimately, however, government resources need to be dedicated for contractor oversight. Senator Jim Inhofe (R-Okla.) echoed Wright's sentiments in a press release on the report.

“It is essential that we put into place a central clearinghouse that makes it easy for critical contractors, particularly those that are small businesses, to report suspicious cyber activity without adding a burden to their mission support operations," said Inhofe.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.