The Defense Department was the victim of a cyber attack that resulted in the loss of 24,000 files, Deputy Defense Secretary William J. Lynn III disclosed Thursday.
The attack, which happened in the spring, was perpetrated by “foreign intruders” and affected a defense contractor, Lynn said during a speech at the National Defense University, The Washington Post reported. Lynn did not identify the intruders, and said the theft was “data-related,” Politico said.
In the same speech, Lynn unveiled the department’s new strategy for operating in cyberspace, which is intended to be a unified approach for DoD’s Web-based military, intelligence, and business operations.
“The cyber threats we face are urgent, sometimes uncertain and potentially devastating as adversaries constantly search for vulnerabilities,” Lynn said in a statement. “Our infrastructure, logistics network and business systems are heavily computerized. With 15,000 networks and more than seven million computing devices, DoD continues to be a target in cyberspace for malicious activity.”
The 19-page report has five key goals: treat the Internet as a classroom of sorts to take full advantage of cyberspace’s potential; deploy new defense operating concepts to protect against attacks; partner with other agencies for a government-wide cyber strategy; partner with cyber experts overseas; and tap into the expertise of the private sector.
Those new defense operating concepts include a concept known as “cyber hygiene,” which essentially means not letting human error lead to the next massive cyber attack.
“People are the Department’s first line of defense in sustaining good cyber hygiene and reducing insider threats,” the report said. “DoD seeks to foster a stronger culture of information assurance within its workforce to assure individual responsibility and deter malicious insiders by shaping behaviors and attitudes through the imposition of higher costs for malicious activity.”
In a statement, Secretary of Defense Leon E. Panetta said cyber security is “an area in which we’re going to confront increasing threats in the future and think we have to be better prepared to deal with the growing cyber challenges that will face the nation.”
In May, the White House unveiled a cyber-security proposal that it hopes Congress will use as a framework for legislation. Among other things, the plan includes national data breach reporting, increased penalties for computer crimes, rules that would allow the private sector to commiserate with the Department of Homeland Security on cyber-security issues, and cyber-security audits for critical infrastructure providers.