Cyber war: Defense firms face battle to guard secrets

Thousands of defense contractors face a Pentagon directive to boost cyber security defenses by the end of the year, but many will likely won’t have all the safeguards in place, a cyber expert says.

“We don’t anticipate many companies being close to being compliant by the end of the year,” said Timothy Birt, Riverside Research information technology security administrator in Beavercreek.

Hackers target secret data on weapon systems, classified research on leap-ahead technology and personal information on top scientists and others with critical jobs.

“The interest in that personal data is to actually use it against employees of clear defense contractors to blackmail them or just coerce them into giving up information that they may not otherwise want to do,” Birt said.

Some of the prizes adversaries have pilfered via cyber espionage have loomed large: Congressional leaders have pointed out the close resemblance between the Chinese J-31 and the U.S. F-35 Joint Strike Fighter, the target of a cyber hack.

The Defense Science Board detailed other weapon systems cyber spies have stolen designs and data on span the F/A-18 fighter jet; the V-22 vertical take-off and landing aircraft; the Navy’s Littoral Combat Ship and the Black Hawk helicopter, The Washington Post has reported.

“Cyber attacks have become the preferred method of conducting espionage, because virtually every U.S. secret is on a network somewhere.,” said Loren B. Thompson, senior defense analyst and a defense industry consultant with the Virginia-headquartered Lexington Institute. “If enemies can gain access to those networks, they can avoid the difficulty of planting agents in organizations — a drawn out and dangerous process.

“The U.S. intelligence community suspects plans for America’s most advanced weapons have been stolen by foreign hackers, enabling adversaries to save billions of dollars on their own military research,” he added.

RELATED: Special report on war on cyber terror

In an untold number of cases, cyber spies targeted defense contractors in the supply chain viewed as an easier target with weaker defenses than the military or prime contractors may have in place.

“This is one of those problems that is so significant we are going to need more than mandates,” said Deborah Gross, Dayton Area Defense Contractors Association executive director. “We are going to need to work together.

“This is a huge problem, it’s a serious problem and I think the other thing people need to understand is when you look at the broad heart of cyber security … it’s virtually impossible to protect everything,” she said.

Defense contractors are under congressional directive to put in place bolstered cyber-security measures by Dec. 31, a deadline extended by two years.

Contractors must safeguard unclassified data and report to the Defense Department cyber incidents “that result in an actual of potentially adverse effect” on the company or Defense Department information.

It was not clear how many incidents have been reported.

The Pentagon counts about 60,000 contractors it does business with, and 42,000 have contractual requirements to protect information in cyberspace, officials have said.

Defense contractors are not alone in their vulnerability or in the scope of massive attacks that have affected tens of millions of Americans.

James Scott, co-founder and senior fellow at the Institute for Critical Infrastructure Technology in Washington, D.C., said critical infrastructure, the energy, financial and health sectors are “pretty vulnerable.”

“The health sector is absolutely first and foremost the most vulnerable and secondly the most perpetually attacked and third the most successfully attacked on a regular basis,” he said.

RELATED: Need a job? U.S. military looking for cyber warriors

About the Author