Friday, July 15, 2011

Inside Job

Barely 24 hours after the Pentagon announced a massive security breach earlier this year, the story has all-but-disappeared from the media. True, the "hacker attack" (which resulted in the theft of more than 20,000 pages of classified documents) got some play in morning editions of the Washington Post and The New York Times--and it was the lead story last night on the CBS Evening News--but there has been remarkable little follow-up. After all, reporters, editors and producers must move on to bigger stories, like the J Lo/Marc Anthony split and Casey Anthony's impending release from jail.

Too bad, because this has all the makings of a major scandal. This much we know: earlier this year, hackers (read: foreign intelligence operatives) penetrated the secure computer network at a defense contractor and made off with some of the nation's most sensitive information. Among the material pilfered: war plans for Iraq and Afghanistan, and detailed technical information for the F-35 Joint Strike Fighter.

When the breach was announced yesterday by Deputy Defense Secretary William Lynn, he confirmed that the operation was almost certainly the work of a U.S. adversary, most likely China or Russia. That's hardly a surprise; Mr. Lynn suggested the "hackers" got their information in a limited probe, suggesting they knew exactly how to enter the network, and were looking for specific information.

But what's missing from the "official" account (and media reports) is another, equally disturbing element: the theft was, most likely, an inside job, carried out by individuals with access to the classified networks that links the Defense community, SIPRNET (which handles SECRET-level traffic), and JWICS, which carries TS/SCI data.

That assessment is based on a rather simple fact. SPIRNET and JWICS are separate from the internet. The Pentagon has spent billions wiring the world for transmitting classified information, avoiding the use of commercial networks that could be more easily targeted. DoD also invested heavily in encryption systems and security protocols that provided added layers of protection.

So, what's the easiest way to penetrate that type of system? Put a spy on the inside, with the a security clearance and ability to look for information and download it. We're hoping that arrests will be announced in a few days. But there's also the chance that the cyber-raid represented the capstone assignment for a Chinese or Russian operative. Once the data was stolen, the spy may have simply hopped onto an overseas flight and disappeared, long before we realized what happened.

In fairness, it is more difficult for spies to download information from secure computer networks--but not impossible, as illustrated by the Wikileaks scandal. All it takes is a disaffected American, or someone planted in the defense establishment, with access to machines that allow users to copy classified data to portable storage devices. Lest we forget, Bradley Manning was a mere Army private when he copied hundreds of thousands of pages of collateral-level information and sent it to Wikileaks.

From what little we know about the latest security breach, it's hard to say if the penetration occurred on SIPRNET or JWICS. War plans for on-going conflicts are often classified at the collateral level, as are some technical details for allied weapons systems. But given the sensitive technology contained in the F-35, it is possible that the penetration occurred on a Top Secret system or (God forbid), a network reserved for special access programs.


davod said...

Another case of "not on Obama's watch" therefore no loud noises from the MSM?

Anonymous said...

I am thinking Indian or Chinese tech employees at the contractor.

John Burgess said...

Not to forget that Israel also has a very active and hostile intel program directed at the US.