Defense Contractors Don’t Want to Say When They’ve Been Hacked

Shhh—defense companies aren’t too excited about a new rule that would make them reveal their security breaches.

<a href="http://www.flickr.com/photos/multiplyleadership/6929666749/">MultiplyLeadership</a>/Flickr

Let our journalists help you make sense of the noise: Subscribe to the Mother Jones Daily newsletter and get a recap of news that matters.


In 2009, it came to light that hackers had successfully broken into the most expensive Pentagon weapons program of all time, the F-35 fighter jet, by gaining access to computers allegedly belonging to the defense contractor BAE Systems (the contractor part came out later). There had “never been anything like it,” one unnamed official told the Wall Street Journal. The intruders were later confirmed to be Chinese spies, and lo and behold, in 2012 China rolled out a stealth fighter that looked suspiciously like the F-35. Was it a coincidence?

It took several years for all of the details of the F-35 breach to be unearthed. (The first hack took place in 2007, wasn’t publicly reported until 2009, and BAE Systems’ alleged role didn’t come out until 2012.) But a new amendment to the defense budget, introduced by Sen. Carl Levin (D-Mich.), would prevent contractors from not disclosing when they’ve been hacked. The amendment would require defense contractors to report to the Pentagon when spies and hackers successfully scale their firewalls. And the contractors don’t appear to be happy about it.

Some of the contractors’ grievances were aired in Politico on Monday. Trey Hodgkins, a senior vice president at TechAmerica, a trade association, said that contractors are already participating in a voluntary information-sharing program, and they “are likely to fight the change.”

Mother Jones contacted four major defense contractors: KBR, Lockheed Martin, BAE Systems, and L-3 Communications. Only Jennifer Allen, a spokesperson for Lockheed Martin, responded—with a non-comment comment. “We are reviewing the cybersecurity amendment in the recently passed Senate version of the defense authorization bill, and will watch it closely,” she said.

Lawyers who work in contracting law are already spelling out arguments against the amendment, making the point that it doesn’t specify whether it applies to classified or unclassified information that has been breached. Kate Molony, an associate at Crowell & Moring, writes that it “raises significant questions for those that it seeks to regulate.” Elizabeth Ferrell, a lawyer at McKenna Long & Aldridge, calls it an “ambiguous legislative reporting requirement.”

But in fact, contractors already have to report some of this information. The Pentagon’s Defense Security Service releases regular reports on technology hacking in the defense industry. According to Mark Jaycox, a policy analyst at the Electronic Frontier Foundation, even though reporting is voluntary, DSS can get this information in part because recently “DOD has been adamant about inserting a clause in contracts that mandates reporting of security breaches.” He adds that the new amendment would create a uniform standard for everyone, and “the government can use this information to defend against threats.”

Richard Bejtlich, who used to work for General Electric and is now the chief security officer at the cybersecurity firm Mandiant, says there are already well-defined reporting requirements for contractors who work with classified information. He adds that extending those requirements to companies that work with unclassified information could be a good thing for taxpayers. “In the private sector, if you’re doing work for another company, you have to tell them if there’s a breach that involves their data,” he says. “It’s just good customer service.”

THE TRUTH IS...

what drives Mother Jones' team of 50-plus journalists. The truth is powerful, as evidenced by how hard those with something to hide, or profit to gain, seek to discredit it. The truth, stated boldly and reported meticulously, is what draws so many readers to Mother Jones.

And the truth is, going into the final 4 days of the year we still needed to raise $TK to hit our $350,000 goal and start 2021 on track. It's nerve-wracking, wondering if the big spike we normally see at the end of December is going to be another thing that doesn't go as planned in 2020, or worse, if, now that Donald Trump is set to leave the White House (for longer than a taxpayer-funded golf trip to a property he owns), folks might be pulling back from fighting for the truth and a democracy and think the hard work is done.

It's not, and if you can right now, please consider a year-end donation to support our team's fearless nonprofit journalism so we can close that big fundraising gap and finish the year strong, ready for all that's ahead in 2021. Whether you can give $5 or $500, it all matters in keeping us charging hard, and we'd be grateful.

payment methods

THE TRUTH IS...

what drives Mother Jones' team of 50-plus journalists. The truth is powerful, as evidenced by how hard those with something to hide, or profit to gain, seek to discredit it. The truth, stated boldly and reported meticulously, is what draws so many readers to Mother Jones.

And the truth is, going into the final 4 days of the year we still needed to raise $TK to hit our $350,000 goal and start 2021 on track. It's nerve-wracking, wondering if the big spike we normally see at the end of December is going to be another thing that doesn't go as planned in 2020, or worse, if, now that Donald Trump is set to leave the White House (for longer than a taxpayer-funded golf trip to a property he owns), folks might be pulling back from fighting for the truth and a democracy and think the hard work is done.

It's not, and if you can right now, please consider a year-end donation to support our team's fearless nonprofit journalism so we can close that big fundraising gap and finish the year strong, ready for all that's ahead in 2021. Whether you can give $5 or $500, it all matters in keeping us charging hard, and we'd be grateful.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate