Pentagon admits data breach as it rolls out new cyber strategy

The Pentagon has unveiled a new US cyber security strategy four months after one of its biggest losses of sensitive data in an attack on a defence industry...

The Pentagon has unveiled a new US cyber security strategy four months after one of its biggest losses of sensitive data in an attack on a defence industry contractor.

Outlining the strategy, which formally declares cyberspace a new warfare domain, William Lynn, deputy US defense secretary, said about 24,000 files containing Pentagon data were stolen in March.

In an interview ahead of the speech, William Lynn said the Pentagon believed the attack had been carried out by a foreign government, according to the BBC.

Lynn did not name the alleged attackers, but said the Pentagon had a good idea of who was responsible. Previous cyber attacks have been blamed on China or Russia, and one of the Pentagon's fears is that a terrorist group will acquire the ability to carry out such attacks.

In his speech, Lynn said some of the stolen data was mundane, but a great deal of it concerns sensitive systems such as satellite communications systems and network security protocols.

The Pentagon is concerned future cyber attacks will extend beyond stealing data to damaging US defences and even causing death by disrupting critical infrastructure.

In a release accompanying the strategy, defence secretary Leon Panetta said it was critical to strengthen US cyber capabilities to address the threats the US faces.

At his Senate confirmation hearing last month, Leon Panetta said it was likely "the next Pearl Harbor" could be a cyber attack that cripples the US power grid, and financial and government systems.

The strategy calls for developing more resilient computer networks so the military can continue to operate if critical systems are breached or taken down, but the unclassified version of the plan does not contain details of offensive cyber operation plans or incident response plans.

The unclassified version of the strategy says only that the US will prepare soldiers for a variety of scenarios, such as "degraded cyberspace operations for extended periods and disruption during a mission".

The Pentagon strategy calls for the US military to constantly evolve its cyber defence mechanisms to respond to the latest threats. The strategy aims to enhance security best practices, deter insider threats and explore new defence mechanisms, said the Pentagon.

"Going on the offensive is essential," says Wasim Ahmad, vice-president at Voltage Security.

"In addition, traditional passive security systems that focus exclusively on protecting the IT infrastructure must be augmented with security that focuses on protecting the data itself," Wasim Ahmad said

According to Ahmad, even the Pentagon must assume that hackers will eventually get through to core data. "And that data needs to be rendered useless to attackers by using data encryption solutions," Ahmad said.

Read more on IT risk management