May 28, 2013
The Pentagon vouched for the capabilities of U.S. weaponry, responding to a report that Chinese hackers had gained access to sensitive information about major American weapons systems.
“We maintain full confidence in our weapons platforms,” Pentagon spokesman George Little said yesterday in a statement. “Suggestions that cyber intrusions have somehow led to the erosion of our capabilities or technological edge are incorrect.”
Little issued the statement after the Washington Post, citing a classified section of a report by the independent Defense Science Board, reported that hackers had gained access to computer information about more than two dozen major U.S. weapons systems, including missile defenses, aircraft and ships.
While the science board report didn’t accuse China in the incidents, there have been numerous reports for several years of a sustained Chinese espionage campaign against U.S. defense contractors and government agencies.
The science board report “outlines several areas of concern that we will address promptly to ensure the viability of our cyber capabilities and defenses,” Air Force Lieutenant Colonel Damien Pickart, another Pentagon spokesman, said in an e-mailed statement.
Chinese attempts to obtain sensitive U.S. military data as well as commercial intellectual property through electronic espionage have been highlighted repeatedly by Defense Department and White House officials. National Security Adviser Tom Donilon said in March that China is waging a “large scale” computer campaign to steal trade secrets.
Weapons systems compromised by hackers included Air Force, Army and Navy air-to-air and missile defense weapons, fighter aircraft, including Lockheed Martin Corp.’s F-35 jet, and the Navy’s Littoral Combat Ship, the Post reported.
Pickart’s statement didn’t confirm any specific information about Chinese hackers or intrusions aimed at weapons systems information. In general, he said the science board’s findings “make it clear that much work remains as we establish the right balance of integrated cyber defenses, capabilities and forces.”
“Some of the information in the report is dated” because the science board “completed much of its research two years ago,” Pickart said. Since then, the military has made progress addressing “some of the issues identified” and “is using the report to focus additional efforts on those not already in progress,” he said.
Defense contractors said they’re seeing an increase in attacks on their networks.
“The number of attempts to breach into our networks are increasing at an alarming rate,” Randy Belote, a spokesmen for Falls Church, Virginia-based Northrop Grumman Corp. said in an e-mail. Raytheon Co. and the government agencies it supports “continue to see an increase in advanced persistent threats,” David Desilets, spokesman for the Waltham, Massachusetts-based company said in an e-mail.
Lockheed, the world’s largest defense contractor, has “made significant investments in countering cybersecurity threats,” Jennifer Allen, a spokeswoman for the Bethesda, Maryland-based company said in an e-mail. Lockheed remains “confident in the integrity” of its security systems, she said.
“There appears to be some news here, but the fact that China has been engaged in massive electronic reconnaissance of U.S economic and national security assets is not news,” said Michael Wessel, a member of the congressionally mandated U.S.- China Economic and Security Review Commission.
Wessel said he hasn’t read the classified Defense Science Board document.
Still, he said, “I take this as a real shot across the bow in terms of the enormity of the problem the U.S. faces” that signals “it now has to be dealt with.”
Reports have highlighted the risks of cyberattacks to U.S. weapons systems.
The unclassified portion of the Science Board report said in January that the success of Pentagon “red teams” trained to test the vulnerabilities of U.S. weapons systems should “give pause to DoD leadership.”
“During exercises and testing, DoD Red Teams, using only small teams and a short amount of time, are able to significantly disrupt” the ability of U.S. forces to carry out military missions, it said.
The Littoral Combat Ship is vulnerable to hacking, according to findings by Navy cybersecurity specialists, Bloomberg News reported in April.
A red team assigned to test weaknesses in computer systems found major deficiencies last year in Lockheed’s USS Freedom, the first of the new ships to be deployed, according to a government official familiar with the findings who asked not to be identified because the Navy report hasn’t been made public.
The Pentagon this month in its latest annual report on China’s military capabilities said China’s military has targeted U.S. government computers with intrusions that seek sensitive data.
The incursions “appear to be attributable directly to the Chinese government and military,” the Pentagon said. The information targeted could be used to bolster China’s defense and technology industries and to support military planning. It didn’t say U.S. weapons programs have been compromised.
In addition to pressing U.S. and foreign defense contractors to beef up defenses along their entire supply chains against computer espionage from China and other countries, U.S. intelligence agencies occasionally have planted bits of misleading or false information about weapons systems of interest to rival nations, two U.S. officials have said.
When electronic intelligence specialists at the National Security Agency detect an extensive effort to steal information about a particular weapon, such as the F-35 stealth jet or U.S. missile defenses, one possible response is to plant old or partially faulty information in ways that leave it vulnerable to hackers, the officials said.
Such tactics can be used to encourage the Chinese or others to copy outdated or deficient designs, and they also undermine rival nations’ confidence in the credibility of the information they steal, the officials said, asking not to be identified discussing classified matters.
Even if the bulk of the information that’s stolen is valid, a few small omissions or changes can make the purloined data worthless or prompt the thieves to waste time and money on designs that won’t work or can easily be countered, they said.
The U.S. has used disinformation campaigns in the past to successfully deceive adversaries, for example about where and when allied forces would invade France during World War II, one of the officials said.