July 15, 2011, 3:53 PM — In today's "geez, it's about time" moment, the Pentagon confirmed a March hack attack lost the U.S. military its exclusivity over 24,000 files and that the U.S. military would be changing the way it defends against cyberattacks.
The defense contractor that got hacked in March remains unnamed in the Pentagon report, though Lockheed Martin admitted it had been attacked in May, along with the CIA, Senate, the Pentagon itself and half the rest of the government.
And Booz Allen Hamilton was hit this week, proving vulnerability is a characteristic that lasts far longer than anyone finds it endearing.
The files that were copied or stolen were sensitive and important enough that the Pentagon may require the redesign of some of its existing weapons systems, according to its statement.
Until now the Pentagon's response to sudden attacks or long-term penetrations has been "way too predictable" and "purely defensive," General James Cartwright, vice chairman of the joint chiefs of staff told reporters Thursday.
"There is no penalty for attacking us now. We have to figure out a way to change that," Cartwright said.
That sounds like something all those military minds might have thought of earlier, but may not reflect an actual strategy.
"Hours later [after Cartwright's statement] the deputy defence secretary, William Lynn, presented a strategy whose thrust, he said, is defensive and focused on "denying the benefit of an attack," according to the British Guardian newspaper's version of the new strategy, which may make it hard for the Pentagon to avoid tripping over its own feet, let alone maneuvering to attack the enemy.
The Pentagon spends 90 percent of its IT security time on better firewalls and 10 percent to deterring attack, according to Cartwright, who said the reverse would be closer to an ideal strategy.
The new plan's defensive portion, in addition to firewalls, depends on network sensors and software to detect behavior within Pentagon systems that indicate a penetration after it occurs to help stop attackers from doing any damage even if they do penetrate the outer wall.