The Pentagon is increasingly falling prey to cyber-attacks. The latest incident involved the multi-billion-dollar Joint Strike Fighter project. The Defense Department is pointing the finger at China. Siobhan Gorman reported the story for today's Wall Street Journal. She speaks with anchor Marco Werman.
This text below is a phonetic transcript of a radio story broadcast by PRI's THE WORLD. It has been created on deadline by a contractor for PRI. The transcript is included here to facilitate internet searches for audio content. Please report any transcribing errors to firstname.lastname@example.org. This transcript may not be in its final form, and it may be updated. Please be aware that the authoritative record of material distributed by PRI's THE WORLD is the program audio.
MARCO WERMAN: I'm Marco Werman. And this is THE WORLD, a co-production of the BBC World Service, PRI, and WGBH, Boston. Two weeks ago we reported on cyber-spies from Russia and China penetrating the U.S. Electrical grid. Today, the news is that someone hacked into a Pentagon system holding sensitive design information for a new multi-billion-dollar fighter-jet program. Siobhan Gorman reported the story in today's Wall Street Journal. She's in California now attending a cyber-security conference. Siobhan, tell us what this latest attack involved?
GORMAN: There were repeated penetrations of the Pentagon joint strike fighter program which is it's, sort of, largest, most expensive weapons program at about three hundred billion dollars or so, and the penetrations began at least as far back as 2007 and investigators were still finding evidence of penetrations in 2008. They appear to have come through at least two or three contractors who are involved, and just to give you a sense of the scope of the program, this is pentagon program that involves contractors in nine countries.
WERMAN: So, they came through the contractors, does that mean that it's, kind of, an inside job?
GORMAN: No, actually, it was an outside job but they were able to, sort of, weasel their way into these, sort of, critical joint strike fighter program computer networks through the contractors which were building the program.
WERMAN: And when we say "they" who is they? Who does the US government suspect in this?
GORMAN: Well, the US government says that it looks like it came from China because, as they started tracing back, they found the equivalent of digital finger prints and IP addresses that had been previously used by the Chinese to attack other US systems. And, so, investigators have concluded, at this point, that it appears to be from the Chinese. The Chinese regularly deny these kinds of allegations saying it's very easy to fake your identity in cyber space, and other cyber spies are just using China almost as a foil.
WERMAN: What could the Chinese, if it is the Chinese that's perpetrating the attacks, what could they do with this information?
GORMAN: These penetrations could be used for one or all of three things. The first being that there were little software tools that they discovered that had been left behind, and in case they didn't catch all of them some of these that had been left behind could be used to manipulate the plane's logistic system at some future date. The second thing is that they can use the information that they've gathered on the system just to detect weaknesses in the fighter jet program and try to exploit those for their own purposes. The third would just be, sort of, your standard industrial espionage which would be try to take the best parts of the system and copy it.
WERMAN: How deeply concerned are cyber security experts about these attacks? I mean, they sound bad, but, I mean, really, how much of a threat are they? Especially when, as the Pentagon has admitted, the real, kind of, hot stuff data is stored on defense department computers that aren't connected to the internet?
GORMAN: Well, I think, in this case, it's more that the Chinese tend to gather such volumes of data that even if you're taking bits and pieces from what might not be considered to be the most sensitive systems, when you get enough of it and you put it together you can get a pretty good picture of some of the sensitive material as well. And that's, sort of, the chief concern that I've heard from people who were involved in investigating these types of things.
WERMAN: Is it possible to prevent attacks like these?
GORMAN: It is, but it's very difficult, particularly when you have such a large program that spans so many countries and so many different private contractors. There has actually been a growing concern at the Pentagon that their reliance on these contractors to do, sometimes classified, sometimes not classified, work is definitely creating vulnerabilities because the contractors record on securing their systems from outside penetrations is, at the very best, uneven.
WERMAN: Wall Street Journal reporter Siobhan Gorman there, there's a link to her story at theworld.org. Siobhan, thank you very much for speaking with us.