Chinese compromise of U.S. weapon designs drives home painful lesson in cybersecurity

For anyone paying attention, the fact that Chinese hackers apparently accessed key U.S. weapons designs may be unsettling but hardly surprising. Previously undisclosed findings by the Defense Science Board show that more than two dozen major weapons designs were breached, according to a Washington Post report on Tuesday. Affected projects range from U.S. missile defenses to combat aircraft — including the F-35 Joint Strike Fighter — and ships. (The Post compiled a list of the affected weapons here.)

Dan Geer, a superstar among computer security and risk management experts, spoke to me about just this sort of risk last week. The most sobering part of the conversation was Geer’s stated belief that the game has definitively shifted from prevention of attacks to mitigation of their consequences.

In short: if you’re big enough, your work will be compromised. The goal now is to make sure you know when that happens as fast as possible. I quoted him on this topic earlier, but his words ring even more eerily true now:

“If your enemy really is the People’s Liberation Army, what can you do? We can sputter about it but they’re serious and they’re good,” … “The most serious attackers will probably get in no matter what you do. At this point, the design principle, if you’re a security person working inside a firm, is not failures, but no silent failures.”

Of course, security vendors have latched onto these threats as a way to sell more stuff and are increasingly glomming onto big data analysis as a way to shorten the time between an attack and stopping it, in a high-stakes game of Whack-a-mole.

As RSA executive chairman Art Coviello said a few months ago: “It’s not about perfect security, it’s all about ratcheting down risk as much as you can.”

And it’s not just huge government contractors, agencies and suppliers at risk. “No industry is immune,” cautioned Geer, who is also an advisor to In-Q-Tel, the investment arm of the CIA and other security agencies, and to Verdasys, a security vendor. Almost anyone can see why hackers target gigantic players like Boeing that spend billions on designs which could be used to build similar products at much lower costs. But don’t forget that any grocery store chain that uses credit cards is also a target, Geer said.


GigaOM