Lockheed network hit by major disruption: sources

WASHINGTON/BOSTON Fri May 27, 2011 9:51am EDT

The F-35 cockpit of the world's newest fifth generation fighter aircraft is shown with a simulation demonstrator screen from a F-35 cockpit demonstrator at National Electronics Museum in Linthicum, Maryland, September 29, 2010. REUTERS/Hyungwon Kang

The F-35 cockpit of the world's newest fifth generation fighter aircraft is shown with a simulation demonstrator screen from a F-35 cockpit demonstrator at National Electronics Museum in Linthicum, Maryland, September 29, 2010.

Credit: Reuters/Hyungwon Kang

Related Topics

WASHINGTON/BOSTON (Reuters) - Lockheed Martin, the Pentagon's No. 1 supplier, is experiencing a major disruption to its computer systems that could be related to a problem with network security, a defense official and two sources familiar with the issue said on Thursday.

Lockheed, the biggest provider of information technology to the U.S. government, is grappling with "major internal computer network problems," said one of the sources who was not authorized to publicly discuss the matter.

A second source, who also asked not to be identified, said the issue was "affecting a lot of people" at Lockheed, maker of the stealthy F-22 and F-35 fighter planes and other critical weapons systems.

Lockheed notified the Pentagon about the problem and its response, including resetting passwords for employees, said the defense official, who was not authorized to speak publicly.

Pentagon officials were working closely with Lockheed to gather data about the situation and "any action to be taken," the official added.

Lockheed, which employs 126,000 people worldwide and had $45.8 billion in revenues last year, said it does not discuss specific threats or responses as a matter of principle, but regularly took actions to counter threats and ensure security.

"We have policies and procedures in place to mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multilayered information systems security," said spokesman Jeffery Adams.

Big corporations -- especially government contractors -- keep matters of internal security secret and rarely publicly disclose problems in securing their networks.

Yet companies do occasionally reveal such attacks, sometimes forced by financial disclosure laws or by the large impact on customers.

Sony Corp, for example, last month disclosed that hackers had accessed personal data of some 100 million customers and was forced to shut down its PlayStation Network online gaming system.

The sources said Lockheed employees were still able to use mobile devices to access their company email accounts.

The slowdown began on Sunday after security experts for the company detected an intrusion to the network, according to technology blogger Robert Cringely. He said it involved the use of SecurID tokens that employees use to access Lockheed's internal network from outside its firewall,

A spokesman for EMC Corp, whose RSA division makes the tokens, declined to comment on any security issues affecting specific customers.

EMC disclosed in March that hackers had broken into its network and stolen some information related to its SecurIDs. It said the information could potentially be used to reduce the effectiveness of those devices in securing customer networks.

EMC said it worked with the Department of Homeland Security to publish a note on the March attack and provided web addresses to help companies identify where the attack might have come from.

Any attacker would need multiple pieces of information about the token, the customer, the individual users and their pin numbers -- some of which are never held by RSA. "In order to mount a successful attack, someone would need to have possession of all this information," the company said.

Steve Winterfeld, cyber technical lead at TASC, an advanced systems company spun off from Northrop Grumman Corp, said TASC and other companies were extremely concerned about the breach since it meant that the SecurID tokens could no longer be viewed as completely secure.

"You have no idea how many people are freaked out right now," Winterfeld told Reuters. "TASC is no longer treating the RSA device as if it were as secure as it was beforehand."

MONITORING CENTER

Loren Thompson, chief operating officer of the Lexington Institute, and a consultant to Lockheed, said the company monitored every node on its vast global computer network from a large operations center in a Maryland suburb near Washington, D.C.

"If it sees signs that the network is being compromised by outsiders it will shut down whole sectors of the network to protect information," Thompson said.

He said Lockheed had advanced networking monitoring tools that gave it a "much better understanding of their systems' status than most other organizations, including the Department of Defense."

He said the incident underscored massive challenges faced by corporate and government computer networks in "an age where everybody has access to ubiquitous digital communications."

Lockheed has been a frequent target of cyber attacks by individual hackers and foreign governments, said one industry executive, who was not authorized to speak publicly. "The Chinese had been after them forever," this executive said.

Winterfeld noted that both China and Russia had developed stealthy fighter jets sooner than expected, raising questions about whether those countries had penetrated U.S. networks involved with development of U.S. stealth technology.

Lockheed teamed up this month with Carnegie Mellon University to open a new cyber laboratory in Pittsburgh.

At the time, Rick Ambrose, president of Lockheed's information systems division, said potential cyber attackers were "getting smarter, faster, and more sophisticated every day."

The company has been working to help accelerate response times, protect smartphones, and pinpoint potential vulnerabilities in government and corporate networks.

(Reporting by Jim Finkle and Andrea Shalal-Esa; Editing by Tim Dobbyn)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (1)
davidsharpe wrote:
What few facts (public and private) known about the Lockheed VPN takedown are available here: http://blog.sharpesecurity.com/2011/05/28/scant-facts-regarding-lockheeds-vpn-system-takedown/

May 27, 2011 4:49pm EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.