U.S. Still Bleeding Cyber Secrets

A new article by Reuters’ Jim Wolf largely sums up what we’ve all been expecting to hear for years; that the U.S. defense contractors (who provide the government with much of its cyber security services) is seeing an unbelievable amount of sensitive information vacuumed up by foreign cyber-spies or as a source quoted in the piece puts it:

Cybercrime has put the United States “on the losing end of what could be the largest illicit transfer of wealth in world history.”

The article goes on to round up a vareity of quotes current and former government officials have made in recent years warning about the scale of cyber espionage directed against the U.S.

However, what’s most alarming  might be the quotes at the very end of the piece from former Defense Advanced Research Projects Agency (DARPA) senior scientist Anup Ghosh who says that despite the Pentagon’s recent investments in serious cyber defenses for its networks, the cyber advantage is still with the attackers:

“We’ve failed to innovate in the area of information security,” he said in an email Tuesday. “We’re fighting today’s battles with the equivalent of cold-war era defenses.”

This is pretty scary considering the speed at which cyber tech evolves. Despite a lot of talk about how the Pentagon is retooling its acquisition process to keep pace with tech evolutions that happen in a matter of days, it looks like we still have a ways to go in the inherently-handicapped game of cyber defense.

Here’s the full article.

  • Jeff

    I think one area of fault is that the Government really tried to slow the dissemination higher standards of encryption beyond what it could break into, to leave itself that option. Regulations of this area of industry has slowed inovation. Hard Drives and critical control systems should be more heavily encypted and isolated. Not everything should be accessible through the net; some systems would be better served being on isolated independent networks.

    • Bill

      It would require a massive overhaul, but I can’t think of a single reason why the Pentagon and Defense Contractors aren’t on isolated networks.

      If sensitive information is even slightly available, people will go at any length to uncover it. Cyber defense is a noble initiative, but will always be technologically behind the latest attacking tool, and there is no defensive advantage.

  • Oblat

    >what could be the largest illicit transfer of wealth in world history.

    Second only to what happened in the 19th century when we looted European IP and paid scant regard to their copyrights.

    The sad fact is that it is that protected IP has become a replacement for competition. And it will fail just as it failed the Europeans 150 years ago.

  • Tom

    How would one create an “isolated independent network” for the F-35? You’d basically have to eliminate the use of separate manufacturing facilities, because it would be impossible to create a physically “isolated independent network” spanning from Forth Worth (Lockheed Martin) to the UK (BAE Systems) and California (Northrop Grumman), just to name the big three airframe constructors, never mind the myriad of other manufacturing partners, including of course Pratt and Whitney on the engine.

    • Jeff

      It could be a matter of creating a parallel and non-public access “internet” that doesn’t allow access or cross over between the parallel systems. Where any one computer is effectively limited to one network. Companies would have limited number of licensed access points to that network with a logging system to keep track of interactions.

    • Jason

      Impossible? Only if you haven’t the slightest clue about modern telecommunications. It would be trivial to do such a thing. Not cheap, but trivial.

  • Sev

    It’s not just unsecure networks that are the issue. You also have people in the government and defense industry who are being paid by chinese agents to give away information. 5000 dollars here, 15 grand there, it continues. There needs to be very rigorous screening in the indusrty when hiring individuals and frequent observation of people with access to high value data. NObody can be trusted. WHat did we do in the 40s and 50s to root out soviet agents and squeelers?

  • amazon coupon
  • shopping blog

    Great post. I used to be checking continuously this blog and
    I’m inspired! Extremely helpful information specially the ultimate phase :) I
    handle such information a lot. I used to be seeking this particular information for a very
    long time. Thank you and best of luck.