Pentagon says impact of Lockheed attack 'minimal'

Cyber-breach of US aerospace and technology company, which makes Israel's F-35 fighter jets, is not expected to do harm.

F 35 fighter jet 311 (photo credit: REUTERS)
F 35 fighter jet 311
(photo credit: REUTERS)
WASHINGTON - The US Defense Department said on Saturday the impact on the Pentagon of a cyber attack on Lockheed Martin Corp was "minimal" and it expected no harm to result.
Lockheed Martin makes the F-35 fighter jets, 20 of which were recently approved for purchase for the Israeli Air Force.
RELATED:Hackers steal 77 million Playstation users' personal info'IAEA investigating if equipment hacked while in Iran'
"Impact to DoD is minimal and we don't expect any adverse effect," Lieutenant Colonel April Cunningham said in an e-mailed reply to Reuters. "As a matter of standing DoD policy, we do not comment on operational matters."
No customer, program or employee personal data was compromised thanks to "almost immediate" protective action taken after the attack was detected May 21, Jennifer Whitlow, a company spokeswoman, said in an emailed statement.
She said the company, the world's biggest aerospace company and the Pentagon's No. 1 supplier by sales, was working around the clock to restore employee access to the targeted network while maintaining the highest security level.
The US Defense Department said in statement late Saturday night that it was working with Lockheed to determine the scope of the attack.
The incident's impact on the department is "minimal and we don't expect any adverse effect," Air Force Lieutenant Colonel April Cunningham said by email.
She declined to specify the nature of the impact, saying that as a matter of policy, the department does not not comment on operational matters.
The Department of Homeland Security, or DHS, said that it and the Defense Department had offered to help curb the risk from the incident.
Lockheed is the maker of the F-16, F-22 and F-35 fighter jets as well as warships and other multibillion-dollar arms systems sold worldwide.
There was no word on what information may have been compromised in the attack nor where it may have originated. Military contractors' systems contain technical specifications on weapons under development as well as those currently in use.
The US government has offered to help Lockheed analyze "available data in order to provide recommendations to mitigate further risk," Chris Ortman, a DHS official, said in an e-mailed reply to a query from Reuters.
A person with direct knowledge told Reuters on Friday that unknown attackers had broken into sensitive networks of Lockheed and several other US military contractors.
Boeing Co and Northrop Grumman, the Pentagon's No. 2 and No. 3 suppliers respectively, declined to discuss matters involving corporate security.
US officials may investigate a cyber breach at a company's request. DHS, the lead agency for securing federal civilian networks, can deploy a team to analyze infected systems, develop mitigation strategies, advise on efforts to restore service and make recommendations for improving overall network security.
Several top cybersecurity experts with extensive government dealings said they were in the dark about the origin of the attack.
"I think it tells us that DHS doesn't know much about what's going on either," said Anup Ghosh, a former senior scientist at the Pentagon's Defense Advanced Research Projects Agency who worked on securing military networks.
Ghosh, who now runs Invincea, a software security company, said there had been a string of intrusions against defense contractors, security companies and US government labs, including the US Energy Department's Oak Ridge National Laboratory, since the start of this year.
These attacks typically were carried out through so-called "spear-phish" inducements to click on a certain link to web sites or through emailed attachments carrying malicious code.
Once so compromised, a computer can surreptitiously download other code that can log a victim's key strokes, giving an attacker a path to potentially wide network access.
"Defense industrials is where our military technology secrets are," Ghosh said in an email interview. "What's happening here is nothing short of theft of a nation."
The person with direct knowledge told Reuters on Friday that an intrusion at Lockheed was related to a recent breach of "SecurID" token authentication technology from EMC Corp's EMC.N RSA security division.
Cyber intruders were reported in 2009 to have broken into computers holding data on Lockheed's projected $380 billion-plus F-35 fighter program, the Pentagon's costliest arms purchase.
A series of once-secret US diplomatic cables released by the WikiLeaks website suggests that China has jumped ahead of the United States when it comes to cyber espionage.