*On the plus side, there are apparently no actual Pentagon "secrets," as they are all in the possession of the private sector.
*Has the Murdoch operation been contacted to cover this crisis?
via SANS
TOP OF THE NEWS
–Pentagon Acknowledges Serious Data Breach, Announces Cyber Security Strategy
(July 14, 2011)
Prior to announcing the Pentagon's new cyber security strategy, Deputy
Secretary of Defense William Lynn said that a Defense Department (DOD)
contractor suffered "one of its largest cyber attacks ever," in which
what DOD believes to be a foreign government stole 24,000 files
containing sensitive data. The attack occurred in March 2011. The
increasing volume and seriousness of cyber attacks necessitated the
development of the cyber security strategy. Lynn said that it is highly
likely that "cyber attacks will be a significant component of any future
conflict." DOD's position is to prepare for attacks and defend systems
against them. Lynn did say that the US military could respond with
force, depending on the effect of the attack
http://www.msnbc.msn.com/id/43757768/ns/technology_and_science-security/
http://www.washingtonpost.com/politics/courts-law/pentagon-cites-largest-ever-loss-of-defense-data-in-cyberattack-reveals-new-defense-strategy/2011/07/14/gIQAXLeWEI_story.html
http://www.eweek.com/c/a/Security/Pentagon-Admits-Major-Data-Breach-as-It-Unveils-Defensive-CyberStrategy-869009/
http://www.washingtonpost.com/national/national-security/pentagon-to-unveil-cybersecurity-strategy/2011/07/12/gIQADG4ADI_story.html
http://www.forbes.com/feeds/ap/2011/07/14/technology-us-waging-cyber-war_8564937.html
http://www.informationweek.com/news/government/security/231001814
[Editor's Comment (Northcutt): Bullpucky! The Pentagon has been under
successful cyber attack for as long as I can remember. In 1999 the NSA
sent a guy on a Harley with western jewelry and a pony tail to
re-architect the Pentagon information security architecture, because it
had been hacked so often. At first it was twice a day meetings and
emergency procurements, but that turned out to be a joke fast. The
Pentagon has repeatedly demonstrated no long term desire to get better.
The cause of their carelessness with America's secret is the lack of
"accountability". Before you even start to consider contractors, focus
on what is close at home, the Pentagon itself. That is where many of the
coolest secrets used to be kept before they were exported to other
countries without our knowledge or consent.
(Paller): Mr. Lynn's initiative makes a lot of sense to me and his
retirement will be a huge loss to the country. With the Pentagon
outsourcing nearly everything IT related, the contractors have, and are
losing, the bulk of the critical data that is being stolen. But Stephen
Northcutt's focus on accountability is the key to solving the problem -
not just regulation, but consequences. Congressional testimony
yesterday pointed out that the federal Inspectors General may be
culpable, because they are measuring the wrong things (their paper
checklists do not reflect the current threat picture) and their
overwhelming power focuses agency and contractor attention away from the
controls that matter.]
