Lockheed says cyber attacks up sharply, suppliers targeted

WASHINGTON Mon Nov 12, 2012 9:01pm EST

Related Topics

WASHINGTON (Reuters) - The Pentagon's No. 1 supplier, Lockheed Martin Corp, on Monday cited dramatic growth in the number and sophistication of international cyber attacks on its networks and said it was contacting suppliers to help them shore up their security.

Chandra McMahon, Lockheed vice president and chief information security officer, said about 20 percent of the threats directed at Lockheed networks were considered "advanced persistent threats," prolonged and targeted attacks by a nation state or other group trying to steal data or harm operations.

"The number of campaigns has increased dramatically over the last several years," McMahon told a news conference. "The pace has picked up."

She said the tactics and techniques were becoming increasingly sophisticated, and attackers were clearly targeting Lockheed suppliers to gain access to information since the company had fortified its own networks.

U.S. officials have stepped up their warnings about cyber attacks on U.S. banks and other institutions in recent months, warning that attackers are developing the ability to strike U.S. power grids and government systems.

Lockheed officials declined to say if any of the attacks they had seen originated in Iran, which has been linked to recent denial-of-service attacks against U.S. financial institutions.

Rohan Amin, Lockheed program director for the Pentagon's Cyber Crime Center (DC3), said internal analysis showed that the number of campaigns had clearly grown, and multiple campaigns were often linked.

Lockheed recently wrested a $450 million contract to run the military cyber center away from long-time holder General Dynamics Corp.


As the top information technology provider to the U.S. government, Lockheed has long worked to secure data on computer networks run by a range of civilian and military agencies. The company is also trying to expand sales of cybersecurity technology and services to commercial firms, including its suppliers, and foreign governments, Lockheed executives said.

"Suppliers are still a huge problem," said Charlie Croom, Lockheed's vice president of cybersecurity solutions, noting the large number of companies that provide products and components for Lockheed, which has annual sales of just under $47 billion.

Croom, the former head of the Pentagon's Defense Information Systems Agency, said cybersecurity was a crucial area for Lockheed, but said it was difficult to pinpoint exactly how much business it generates because network security is part of nearly everything the company sells and does for the government.

He estimated that 5 to 8 percent of Lockheed's revenues in the information systems sector were related to cybersecurity. Lockheed generated $9.4 billion sales in that division in 2011.

McMahon said Lockheed had seen "very successful" attacks against a number of the company's suppliers, and was focusing heavily on helping those companies improve their security.

She said a well-publicized cyber attack on Lockheed's networks in May 2011 came after the computer systems of two of its suppliers -- RSA, the security division of EMC Corp and another unidentified company -- were compromised.

"The adversary was able to get information from RSA and then they were also able to steal information from another supplier of ours, and they were able to put those two pieces of information together and launch an attack on us," McMahon said.

She said Lockheed had been tracking the adversary for years before that attack, and was able to prevent any loss of data by using its in-house detection and monitoring capabilities.

One of the lessons the company learned was the importance of sharing data with other companies in the defense sector, and suppliers, to avert similar attacks, McMahon said.

"It's just one example of how the adversary has been very significant and tenacious and has really been targeting the defense industrial base," she said.

Social media, websites and malware introduced by emails remain major areas of concern, Lockheed executives said.

(Reporting By Andrea Shalal-Esa; Editing by Paul Tait)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (2)
This is way beyond Iran’s cyber capabilities, it must be state sponsored attacks from either China or Russia. Or a cyber mercernary group. I think the gloves are coming off and someone or some group is sending a message to the US suppliers. Scary.

Nov 12, 2012 11:17pm EST  --  Report as abuse
Numb3rTech wrote:
We need to be very protective of our proprietary and patented products especially when it is technologically advanced. This is needed to protect our country. We are almost to a point where a lot of our systems are no longer connected to the regular internet and all classified data must be encryped and kept on local intranet systems within companies. It may come to the point that all computers used for critical information be kept totally in house and machines be set to not allow USB drives or any other external connections except for only in house. Use of highly encrypted fiber optics laid specifically for external offices with the same security as the main office. Field information collected should have to go through a special machine to check that no data has been infected and to verify the field laptops have not downloaded any information they should not have.

Any connection to the regular internet should be on a totally seperate machine that specifically checks emails and logs all data regarding messages sent and received IP addresses. The emails then should be checked on another machine for verification and a backup of all data should be preserved on a server with tape backup.

All web based advertising or web sites should be on a totally seperate machine with no access to classified or proprietary information.

Good encryption and using basically in house equipment is the only way to preserve data privacy. That is how I run my home computer system, my servers and backups. Only proper procedure will ensure protection of proprietary and sensitive documents.

Nov 13, 2012 2:25am EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.