|Page 2 of 2 <|
Defense Department Joins Forces With Industry Against Cybercrime
Though Lockheed Martin's agreement allows the firm to send samples of breach data to the crime center, the firm prefers to do its own intrusion investigations, said Mike Gordon, senior manager of Lockheed's Computer Incident Response Team. "We've got the most talented team, the most advanced technologies," he said during an interview at the firm's Security Intelligence Center in Gaithersburg.
At the touch of a button, a wood-paneled wall slid up and revealed an operations center -- barely a year old -- with 24 workstations, 15 analysts scrutinizing code on their monitors, a wall of giant video screens showing network traffic, and a map of the firm's global Internet links. Each day, 4 million e-mails enter Lockheed's networks, and analysts monitor hundreds of millions of actions, including clicks on the company Web site, for suspicious activity.
In 2006, Lockheed officials contacted government investigators about a suspicious intrusion into an unclassified network that handles data on the F-35 Joint Strike Fighter. The Wall Street Journal reported about that incident last month.
Senior Air Force officials became concerned that other systems were vulnerable and directed that the breach investigation be broadened to include the F-22 fighter program, although no evidence was found that F-22 data had been stolen, according to sources who spoke on the condition of anonymity because of the matter's sensitivity.
Both jets rely on computer networks for operation and maintenance, which makes them vulnerable to hacking that can affect flight operations. Gaining access to unclassified data about design and maintenance can allow an adversary to more easily design countermeasures, the sources said.
In early 2007, the Air Force launched a partnership with about a dozen companies that work on the F-35 and F-22, and that served as the nucleus for the broader partnership. In August 2007, Deputy Defense Secretary Gordon England gathered the top executives of major contractors for a classified briefing.
"We shared with them the fact that we've got a very, very aggressive cyber threat," said Robert Lentz, a Pentagon official who heads the partnership. The Pentagon soon will seek to amend defense acquisition rules to require cybersecurity standards for firms seeking contracts. "The sooner we all understand what's required to protect the information in our networks, and we teach this in universities and in businesses, the better off we all will be, down to the Internet user at home," Lentz said.