Companies often will not even come close to admitting they were the victims of a cyber attack.
That is not the case, though, with Lockheed Martin Corp. as they have said there has been a dramatic growth in the number and sophistication of international cyber attacks on its networks. Now the Pentagon’s top supplier said it is getting in touch with its suppliers so they can form an even stronger defense in depth strategy.
About 20 percent of the threats directed at Lockheed networks were “advanced persistent threats,” prolonged and targeted attacks by a nation state or other group trying to steal data or harm operations, said Chandra McMahon, Lockheed vice president and chief information security officer.
“The number of campaigns has increased dramatically over the last several years,” McMahon said “The pace has picked up.”
She said the tactics and techniques were becoming increasingly sophisticated, and attackers are now targeting Lockheed suppliers to gain access to information since the company strengthened its own networks.
U.S. officials stepped up warnings about cyber attacks on U.S. banks, warning attackers are developing the ability to strike U.S. power grids and government systems.
Rohan Amin, Lockheed program director for the Pentagon’s Cyber Crime Center (DC3), said internal analysis showed the number of campaigns had clearly grown, and multiple campaigns often linked to one another.
“Suppliers are still a huge problem,” said Charlie Croom, Lockheed’s vice president of cyber security solutions, noting the large number of companies that provide products and components for Lockheed.
Croom estimated 5 to 8 percent of Lockheed’s revenues in the information systems sector related to cyber security. Lockheed generated $9.4 billion sales in that division in 2011.
McMahon said Lockheed had seen “very successful” attacks against a number of the company’s suppliers, and was focusing heavily on helping those companies improve their security.
She said a well-publicized cyber attack on Lockheed’s networks in May 2011 came after the computer systems of two of its suppliers — RSA, the security division of EMC Corp and another unidentified company – suffered a compromise.
“The adversary was able to get information from RSA and then they were also able to steal information from another supplier of ours, and they were able to put those two pieces of information together and launch an attack on us,” McMahon said.
She said Lockheed had been tracking the adversary for years before that attack, and was able to prevent any loss of data by using its in-house detection and monitoring capabilities.
One of the lessons the company learned was the importance of sharing data with other companies in the defense sector, and suppliers, to avert similar attacks, McMahon said.