As uniformed commanders, civilian leaders and lawmakers have spent the past five years talking about how we really need to start talking about cyber-security -- each event includes the same litany of scary warnings, unanswered questions, and jurisdictional confusion -- cyber-villains have been robbing us blind. That's according to a report this week from the online security firm McAfee, Inc., which said that a certain, ahem, "nation state," which it chose not to name, has spent that whole time "targeting more than 70 government entities, nonprofit groups and corporations to steal troves of data."
Here's how the AP wound up its brief story: "The report is short on specifics, as the security firm is not naming most of the victims or exactly what data were stolen. Most of the victims are in the U.S., with a few in Canada, South Korea, Taiwan, Japan and elsewhere." We know, because outgoing Deputy Defense Secretary Bill Lynn has admitted it, that DoD has been losing secrets to cyber-snooping like sand through a sieve -- but how does it fit in to this most recent report?
A top Pentagon spokesman, Marine Col. Dave Lapan, addressed that question for reporters. Here's what he said:
We are aware of this report and its contents. While we do not comment on an outside report, operating and defending the DoD networks is one of the key missions for U.S. Cyber Command. We work with other governmental agencies to ensure detecting and mitigating cyber intrusions on the DoD networks is a key cyber security goal for the Command. As with all intrusions on the DoD network, maintaining an active defense is a key factor in intrusion detection and prevention.Cyber threats to information and communications infrastructure pose an economic and national security challenge for the United States and our partners, which is why the President has made cyber security one of his top priorities.
From our assessment -- the impact to the DoD network is minimal. The operation and protection of DoD networks is a key priority for us and because of this, we employ along with other governmental agencies, defensive tools as part of our Active Defense system to aid in intrusion detection and prevention.
But just because a "nation state" had a campaign to target the computer networks of business and organizations doesn't mean it wasn't also targeting DoD's networks in parallel -- in fact, it seems pretty clear that has been happening.
