Officials: Cyberattack not that damaging - Air Force News | News from Afghanistan & Iraq - Air Force Times

Officials: Cyberattack not that damaging

News reports that cyberspies stole reams of data about the F-35 Joint Strike Fighter program exaggerated the extent of the breach, according to defense experts and a former senior Air Force official with direct knowledge of the incident.

One of the experts, though, described the computer hacking as a “wake-up call” and warned both government and private industry to do more to protect national security information.

The breach, first reported April 20 by The Wall Street Journal, apparently occurred in 2007 and 2008; the Defense Department confirmed the theft was information related to the JSF program, led by the Air Force, but refused to discuss who the hackers might be or exactly what data was taken.

The attack, according to the media, appeared to have come from computers in China, but the Chinese government denied responsibility and computer experts warned the origin of attacks is difficult to trace and can easily be faked.

An Air Force expert said the stolen data is believed to be related to the aircraft’s maintenance systems.

“There was no leakage of highly sensitive information,” said Loren Thompson of the Lexington Institute, a Virginia-based think tank.

A former senior Air Force official with direct knowledge of the breach described the information as “lower-level” unclassified data, but said the theft caused the Pentagon to lock down some systems.

“It was not benign because everybody went on high alert,” said the official, who agreed to speak only on background. “On the other hand, it was not in a critical area.”

The F-35 is the military’s newest fighter and its most expensive weapons program. The Pentagon will spend about $300 billion to buy nearly 2,500 jets for the Air Force, Navy and Marines.

The Pentagon and Lockheed Martin, the F-35’s prime contractor, were tight-lipped about the breach.

In a statement, Lockheed said it had no knowledge of “any classified information breach” but is aware that its computer systems are continually attacked.

Pentagon spokesman Bryan Whitman would not discuss the F-35 incident but said Defense Department networks, too, are probed repeatedly every day.

The Air Force also did not offer additional details.

“We do not dispute the statements already made by DoD officials and Lockheed on this issue,” said Lt. Col. Tadd Sholtis, an Air Force spokesman. “In general, we don’t comment on alleged or actual cyber infiltrations ... because any information we release ... could assist people in planning and executing future attacks.”

Regardless of the sensitivity of the data stolen, the breach should cause concern, said Peter Brookes, senior fellow for national security affairs at the Heritage Foundation, a conservative think tank in Washington.

“This is another wake-up call to the government and the defense industry that they need to take additional steps to ensure that our national security information is protected,” he said. “There is information that may not be considered classified in the official sense but is still sensitive that we wouldn’t want people outside these organizations to have [be] privy to.”

Related reading:

Cyber operations standup approaches