"Grand Theft Fighter Jet." No, it's not the latest e-gaming thriller from Take-Two Interactive, and, no I'm sad to report that you cannot play it on your Nintendo DS. This is something a whole lot serious.
Hard on the heels of its early April news that Russian and Chinese hackers penetrated the U.S. electricity grid, The Wall Street Journal reported yesterday that hackers have hit the Pentagon, too. According to the Journal, someone -- apparently based in China -- has succeeded in penetrating the IT systems at key U.S. defense contractors, making off with "several terabytes" worth of data on Lockheed Martin's
The Pentagon makes no bones about who they think is behind the hacking: China. But officials admit that it is hard to be certain about identities in the online world. For its part, China denies any involvement in the thefts and terms the allegations "intentionally fabricated" to hurt China's reputation.
Be that as it may, somebody is stealing F-35 specs... and breaking into the U.S. electrical distribution system... and the air traffic control system, essentially laying the groundwork for an e-war against the U.S. (My guess is it's not Botswana.) But the who isn't really the crucial question here. "What are they doing?" is the better question, and "How can we stop it?"
The Pentagon reports that its systems are "probed daily." Throughout the federal government, more than 18,000 cybersecurity breaches were reported last year, including more than 3,200 cases of unauthorized access and nearly 2,300 cases of malicious code being inserted into federal IT systems.
In the latest instance, most contractors are keeping understandably mum about whether they were the source of the hackers' ingress. F-35 general contractor Lockheed issued a carefully parsed non-denial denial of victimhood, averring: "to our knowledge there has never been any classified information breach." (Emphasis added, and the devil's in the details.) Meanwhile, key subcontractors Northrop Grumman
Am I picking on the WSJ, AP, and other mainstream journalists who called a halt at just three companies when investigating the source of the break-in? (OK, maybe just a little.) But it's important to note that literally dozens of contractors, subcontractors, and sub-subcontractors work on this project. Not all of them are even located inside the U.S., and any one (or more) of them could have allowed the breaches that have sent millions, maybe billions of dollars' worth of classified specs and technical data on the F-35 streaming across the Ether and into the laptops of countries that bear us ill will. This all underscores what a difficult, and potentially expensive, undertaking protecting vital defense contracts from cyber attacks is.
If I may borrow a phrase from Saturday Night Live financial expert Oscar Rogers, now's the time to: "Fix it!"
As President Obama entered office, pundits predicted the new administration would more than triple the Bush Administration's $15 billion Comprehensive National Cybersecurity Initiative budget, spending as much as $50 billion to enhance the nation's cybersecurity at every level. It's been four months since the Center for Strategic & International Studies issued its memo to the President calling cybersecurity a threat "on par with weapons of mass destruction and global jihad." Yet so far as I can tell, progress has been minimal.
Now admittedly, the administration's had its hands full fending off the zombie bank apocalypse and upending the U.S. economy here at home, while chasing Jolly Rogers off the coast of Somalia. But the last I heard, the President's barely making even token efforts on the cybersecurity front. The fiscal 2010 cybersecurity budget directs a piddling $355 million to improve IT protection at Homeland Security -- a far cry from $50 billion.
It's time to get serious, and fix it
Meanwhile, the drumbeat of cyber attacks gets steadily louder. I mean seriously, folks -- a single, isolated WSJ hack-attack headline is one thing. But this is the second time in as many weeks that the Journal has felt compelled to give a major IT attack front-page attention. The situation's getting critical -- and perhaps more importantly, it's getting publicity. Sooner or later, the government is going to have to open up its wallet and spend some serious bucks to address this problem. Either that, or face the wrath of Rupert Murdoch and endless bashing in the press.
Perversely, it looks to me like some of the companies best-placed to profit from serious government engagement on the cybersecurity crisis are... the same companies affected by it. Lockheed is arguably the company hurt worst by the theft of F-35 data, right? Yet Lockheed's own Information Systems & Global Services business -- the company's largest by revenues -- contains a large cybersecurity component that might benefit from government efforts to stop future cyberattacks.
Call it a conflict of interest if you will. But also call it what it is: Reality.
UPDATE: As this article was going to press, Defense Secretary Gates announced plans to set up a new military "cyber command" within the next few weeks. Preliminary reports suggest the command will be headed by a four-star general yet to be named.
Also yet to be named: what the command will do, what companies it will work with, and how much funding it will get. But I guess it's a start.
(Which company offers the absolute best play on America's need to beef up its IT security? Find out in the latest issue of Motley Fool Rule Breakers.)