Report: Bad communication among defense agencies makes China hacks more dangerous

Gen. Martin Dempsey

It's not just the fact that China has been hacking U.S. military contractors' networks, it's that the agencies discovering the breaches and the contractors themselves haven't been telling other agencies that need to know, a U.S. Senate report says.

The report investigated just 11 out of more than 80 contractors hired by one U.S. military agency that are supposed to report cyber security incidents. The Senate Committee on Armed Services found 50 successful intrusions, including at least 20 attributable to advanced persistent threats (APT) placed by China, according to the report by the

Yet during the period investigated by the committee, of the 80 companies that were supposed to report incidents to the U.S. Transportation Command (TRANSCOM), only two reported any incidents at all.

While the APTs themselves pose a risk of stolen data, the further threat is that these compromised networks could be disrupted to compromise military operations in emergencies and therefore national security.

In some cases, TRANSCOM relies almost entirely on the support these private companies are hired to give. "For example, private airlines provide more than 90 percent of DOD's passenger movement capability and more than one-third of its bulk cargo capability," the report says.

As a result, the military also relies on these contractors' corporate networks to transmit sensitive information. "In addition the overwhelming majority of DOD deployments and distribution transactions occur over unclassified networks, many of which are owned by private companies," the report says.

So TRANSCOM would want to know whether its contractors' networks were compromised and potentially leaking data to China about civilian movement of troops and supplies. The report quotes the head of the Joint Chiefs of Staff Gen. Martin Dempsey as saying, "We can't stop an attack unless we can see it."

Much of the problem is that the various agencies don't communicate well with each other, according to the report.

TRANSCOM was told about just one of 20 advanced persistent threats that were successfully deployed in contractor networks.

Part of the problem is that the contractors and TRANSCOM aren't on the same page when it comes to what incidents the contractors must report. Another part is that other governmental agencies that may discover intrusions don't understand what TRANSCOM might need to know. A third part is that the agencies involved don't fully understand how they are allowed to share intrusion information.

Between June 1, 2012 and May 31, 2013 the FBI, Defense Security Service, Defense Cyber Crime Center or the Air Force Office of Special Investigations knew about at least 20 intrusions, but TRANSCOM knew about just two. TRANSCOM says information-sharing rules have prevented it from learning about intrusions, but the committee says it could find no such rules.

The contractors themselves are bound by contract language that TRANSCOM intends to require them to report certain incidents, but the contractors say the language is ambiguous and they did not report, the committee says.

Further, as of January 2014 TRANSCOM hadn't provided a list to the FBI or Department of Defense of those contractors whose intrusions it would like to hear about.

In one case a contractor suffered 24 intrusions but reported none to TRANSCOM. The report says, "while the cyber incident reporting requirement was included in TRANSCOM's contract with the company, it was included as an option that TRANSCOM did not exercise."

In another case a contractor didn't report intrusions to TRANSCOM because it thought the provision applied only to a particular network run by one of its subcontractors. The company in question did report the incidents to other defense agencies, but took four to six months to do so.
