Lockheed Martin says it derailed cyber attack
The Defense Department said Saturday that the impact on the Pentagon of a cyber attack on Lockheed Martin was “minimal” and it expected no harm to result.
“Impact to DoD is minimal, and we don’t expect any adverse effect,” Lt. Col. April Cunningham said.
Lockheed Martin, the U.S. government’s top information technology provider, said Saturday that it detected and thwarted “a significant and tenacious attack” on its information systems network one week ago.
“As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure,” Jennifer Whitlow, a Lockheed spokeswoman, said in an e-mailed statement. “No customer, program or employee personal data has been compromised.”
Lockheed’s information security personnel are working around the clock to restore employee access to the “information systems network” targeted in the May 21 attack, the statement said.
Bethesda-based Lockheed, the Pentagon’s No. 1 supplier by sales and the world’s largest aerospace company, has kept the “appropriate U.S. government agencies” informed of its actions, the statement said.
The Department of Homeland Security said earlier Saturday that it and the Defense Department had offered to help gauge the scope of a “cyber incident impacting LMCO,” as the maker of fighter jets, ships and other major weapons systems is known.
The federal government also has offered to help analyze “available data in order to provide recommendations to mitigate further risk,” Chris Ortman, a homeland security official, said in an e-mail.
Military contractors’ networks contain sensitive data on arms that are under development, as well as on technology used by U.S. forces in Iraq and Afghanistan.
A person with direct knowledge of the matter told Reuters on Friday that unknown attackers had broken into sensitive networks of Lockheed Martin and several other U.S. military contractors.
They breached security systems designed to keep out intruders by creating duplicates to “SecurID” electronic keys from EMC’s RSA security division, said the person, who was not authorized to discuss the matter publicly.
U.S. officials may get involved in investigating a cyber breach at a company’s request. Homeland Security, for instance, can deploy a team to analyze infected systems, develop mitigation strategies, advise on efforts to restore service and make recommendations for improving network security.