YOU ARE HERE: LAT HomeCollections

U.S. is busy thwarting cyber terrorism

The government and defense contractors are in a constant battle against computer attacks.

June 24, 2010|By Bill Lambrecht

Reporting from Washington — At Boeing Co.'s cyber operations center in St. Louis, a flashing, 54-inch computer screen warns of modern-day burglars and spies.

In an hour's time on a typical morning this spring, Boeing's elaborate detection system logged 3,722 suspicious efforts to gain access to the company's global computer network.

Boeing analysts worked swiftly with company cyber sleuths at other locations to secure the network and identify would-be intruders.

But tracking the hackers can be tough, even with their nine-digit Internet Protocol addresses flickering in vertical rows on the huge color monitor.

"The bad guys are really good at hiding their tracks," said Kevin Nikkel, a Boeing security analyst.

They're persistent, too — to an extent that most people can't fathom. At Boeing, the automated attacks don't stop, keeping teams of security analysts busy around the clock.

And that's just at Boeing.

The new head of the U.S. Cyber Command, Gen. Keith Alexander, revealed this month that Pentagon systems are attacked 250,000 times an hour, 6 million times a day. The attackers range from foreign intelligence agents to for-profit criminal enterprises to hackers trying to make mischief, security specialists say.

"In short, we face a dangerous combination of known and unknown vulnerabilities," said Alexander, who also heads the National Security Agency.

As the federal government moves to address those vulnerabilities, defense contractors such as Boeing are pushing aggressively to win lucrative contracts. Companies accustomed to selling weapons to the government also are bidding for work in secret military programs to develop offensive cyberwarfare tools.

At the heart of the debate is the reality that hackers are aiming at business networks as well as home computers with increasingly sophisticated techniques. They are trying to steal everything from intellectual property to personal financial information — or perhaps they merely hope to cripple systems in "denial of service" attacks. The National White Collar Crime Center reported $560 million in losses from a variety of Internet crimes last year, more than double the reported losses a year before.

"It's an enormous problem that has been creeping up on us," said Ronald Ross, a government computer scientist who develops security guidelines for federal agencies and government contractors.

"There's a whole new wave of cyber attacks being launched right now at the U.S. government and businesses from very sophisticated threat sources," he said.

James Lewis has written authoritatively on cybersecurity at the Center for Strategic and International Studies in Washington.

The roots of today's vulnerability, Lewis contends, is the inattention to security over the years in building a global network. Now, he says, hacking operations have grown so sophisticated that some deploy thousands of computers to automatically send malicious probes, one a minute, 24 hours a day.

"You have consumers and companies and federal agencies for whom security is not their top priority, maybe not even a third-level priority. Against them, you have intelligence agencies and criminals for whom this is their top priority," he said.

For defense and aerospace companies, the government's recent push to protect itself is welcome given the move away from some of the big-ticket weapons systems. Cybersecurity is widely viewed as a certain growth industry, especially when combined with the government's confidential programs to develop offensive cyberwarfare capabilities.

"It is one of the very few growth opportunities that exists today in the defense sector. Other areas are likely to trend downward," said defense analyst Loren Thompson of the Lexington Institute, a think tank supported heavily by defense contractors.

Thompson estimates the government market for cybersecurity at $10 billion to $14 billion — not counting the confidential awards for cyberwarfare, which could double the business available to contractors, according to some estimates.

But before they can offer protection for others, defense contractors must first secure their own networks from hacking. At Boeing, a major computer outage in the mid-1990s led to the formation of its Tiger Team and a shift in thinking about computer security. Last year, amid increasing worries about unauthorized access to its system, the company moved to a smart-card system to gain access.

Linda Meeks, Boeing's chief information security officer, recalled the increasing number of attacks, such as those with phishing e-mails to employees that appeared to be coming from friends and family.

Meeks said the company decided to turn off e-mail access to anyone without a card. At a conference discussing the decision, she recalled being "brutally honest about what happened in the company."

Los Angeles Times Articles