PARIS (Reuters) – U.S. weapons industry executives say they are disappointed and frustrated about a massive U.S. cyber breach that exposed sensitive information about millions of Americans, including many thousands who work on high-security arms projects.
Details are still emerging about major cyber attacks on the U.S. Office of Personnel Management that were first disclosed earlier this month and U.S. officials have linked those breaches to China. China denies any involvement.
But U.S. industry executives, many of whom hold security clearances of their own and employ thousands of people whose data has likely been stolen, say they have heard enough to know that the incident could open up new vulnerabilities putting their networks at risk.
Cyber experts say the security clearance data from OPM’s database includes the Social Security numbers of applicants and their families and friends, data that could be used by hackers to obtain passwords, create dossiers on key individuals, and better target top-secret weapons programs.
U.S. weapons makers say their networks are heavily targeted by attackers linked to China, Russia and other potential foes, fending off hundreds of thousands of probes a day aimed at snagging key information about new weapons, including fighter jets, jet engines, bombers and satellite networks.
The U.S. Senate Armed Services Committee hopes to add $200 million to the Pentagon’s fiscal 2016 budget for a cyber review of weapons programs, after its chief weapons tester in January reported that nearly every program was vulnerable to cyber attack.
“It’s very disappointing that this information was seemingly as easy to get at as it was,” Dave Wajsgras, who heads Raytheon Co’s Intelligence, Information and Services business, told Reuters. He said it came after numerous breaches of both private and government networks that should have raised alarms.
“There is a tsunami of threats that exist in the cyber domain today. It’s something that we all collectively need to take much more seriously,” he said, urging more spending and focus on beefing up security in government and the private sector.
Wajsgras declined comment when asked how the breach would affect his company and U.S. national security, but said it had clearly added risk.
Two sources familiar with the matter said the data stolen from OPM was not encrypted, raising questions about the level of security maintained by the agency, even after a well-documented breach of the U.S. Navy and U.S. Marine Corps servers last year.
One industry executive said classified weapons programs like the new bomber to be built for the U.S. Air Force had their own segregated servers, and most big companies had sophisticated, multi-layered security systems to keep data safe.
But new challenges emerge every day, and every bit of personal information can be valuable to dogged hackers, said Brian Kaveney, who heads the Security Clearance practice at Armstrong Teasdale.
News about the OPM hack emerged just before thousands of U.S. business executives gathered near Paris for a biennial trade show. Most are subject to strict security controls, which require them to travel with scrubbed computers and a minimal number of electronic devices.
“It’s frustrating. We can’t even travel with our computers for the sake of security, but OPM just left the front door open,” said one industry executive, who asked not to be named.
Wajsgras said Raytheon already provides a variety of cyber services to the U.S. military and other government agencies, and was now offering to help improve OPM’s security.
Boeing Co and Textron Inc sent out alerts to their workforces after the OPM hack was disclosed, urging them to be extra vigilant about phishing schemes and other threats.
Lockheed Martin Corp, the Pentagon’s top supplier and maker of the F-35 fighter jet, said it regularly carries out random cyber testing to test its networks and employees. It also works closely with suppliers and buyers around the world to ensure the security of the Pentagon’s most advanced warplane, said F-35 program manager Lorraine Martin.
Source: Business Insider