The most expensive Pentagon weapons system ever developed, the program involves 7.5 million lines of code, of which hackers made off with several terabytes.
With President Obama’s review of U.S. cyber-security due this week, the Wall Street Journal is reporting that unknown hackers have infiltrated the Pentagon’s most expensive weapons program. The incident follows reports that computer spies have also hit the U.S. power grid and the Air Force’s air traffic control system.
The latest hack involves the Pentagon’s $300 billion (£205bn) Joint Strike Fighter project, where it is reported that intruders successfully managed to grab several terabytes of data, including information about the design and electronics systems of the program. Although the hack could allow the thieves to better defend against the Joint Strike Fighter, Pentagon officials said the most sensitive data about the program was untouched, since it is stored on a computer not connected to the Internet.
The Wall Street Journal quoted unnamed sources who claimed the attacks originated from China, although Pentagon officials said it is very easy to mask such attacks and no actual proof exists of Chinese involvement. The Chinese Embassy in Washington denied the allegations.
Also known as the F-35 Lightening II, the Joint Strike Fighter is being developed by Lockheed Martin for the U.S. Air Force, Navy and Marine Corps, and the British Royal Navy. A stealth, supersonic multirole fighter, the F-35 relies on 7.5 million lines of code, more than three times the code employed on any other fighter plane.
The hackers infiltrated the system through network vulnerabilities of several contractors working on the project. In addition to Lockheed Martin, other contractors working on the fighter plane include Northrup Grumman and BAE Systems. The spies encrypted the data as it was being stolen, leaving Pentagon officials unable to account for all of the data that may have been stolen.
Currently, the United States has no centralised government or military office responsible for cyber-security. Shortly after taking office, Obama ordered his National Security and Homeland Security advisers to conduct a 60-day review of the U.S. government’s cyber-security plans, programs and activities. The review, which is due as early as this week, is headed by Melissa Hathaway, who served as the national cyber-security coordinator under former President Bush.
Hathaway was also named a senior director at the National Security Council, and numerous media accounts have mentioned her as a top candidate to serve as Obama’s cyber-security chief. A former Booz Allen consultant, Hathaway led a group that developed Bush’s National Cybersecurity Initiative.
On several occasions while campaigning for the presidency, Obama stressed the importance of beefing up the United States’ cyber-security efforts while at the same time protecting privacy rights. At a campaign stop in Indiana, Obama said, “We need to build the capacity to identify, isolate and respond to any cyber-attack. And we need to develop new standards for the cyber-security that protects our most important infrastructure, from electrical grids to sewage systems, from air traffic control to our markets.”