Possible Cyber-Attack at Defense Agency

Suspicious Activity Detected on Public-Facing Server

The Defense Contract Management Agency, which manages outside contracts for the Department of Defense, is investigating a possible cyber-attack.

DCMA says suspicious activity was detected on a public-facing server on Jan. 28, prompting an investigation into the matter, a spokesperson tells Information Security Media Group.

"So far, no DCMA, DoD or Defense Industrial Base data nor any personal identification information has been breached," the agency says.

A cyber protection team from the Department of Defense is working with DCMA to enhance network security following the incident. "DCMA's website has been intentionally taken offline while the team investigates the activity," the spokesperson says. "All other network operations have proceeded as normal."

A message on DCMA's website midday Feb. 11 said that services were temporarily unavailable due to a "corrective action in progress." The spokesperson says the agency expects to have the website back up in the "next couple of days."

The news comes after the White House announced Feb. 10 that it's creating a federal agency to analyze information culled from other agencies to battle cyberthreats to the government and the private sector (see: White House Creates Cybersecurity Agency).

Attack Motivation

Cybercriminals may have targeted DCMA in an attempt to gain insight into which companies hold specific contracts with the DoD, says Shirley Inscoe, a security analyst at the consultancy Aite Group. "Then [they'll] target those companies to try to use their systems to gain insight to Department of Defense or other federal government systems," she says.

Another potential motivation is to make sensitive, confidential information public to embarrass the U.S. government or government officials, Inscoe explains.

"We've seen a number of successful attacks using third parties to access the systems of various large companies, so to carry that modus operandi to the federal government attack makes sense," she says. "Hopefully, the investigation will demonstrate that the initial assertion that no sensitive data was compromised is correct."

Information contained in contracts could give outsiders insight into military operations that would be attractive to defense contractors - domestic and foreign - as well as nation-states and their militaries hunting for intelligence on America's armed forces, says retired Air Force Lt. Gen. Harry Raduege, who once headed the Defense Information Systems Agency. "That's a real treasure trove of information," says Raduege, now chairman of the Deloitte Center for Cyber Innovation.

Inscoe says it's worrisome that DCMA has not yet restarted its website. The agency says the site was taken down Jan. 28 after the incident was detected. "It is understandable to take the website down while it is being attacked and perhaps during the initial investigation, but two weeks seems a bit extreme," Inscoe says.

The possible cyber-attack against DCMA follows recent incidents affecting U.S. Central Command, the U.S. Postal Service, the National Oceanic and Atmospheric Administration and the White House.

News of a possible DCMA breach was first reported by security blogger Brian Krebs.

(Executive Editor Eric Chabrow contributed to this story.)


About the Author

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



