Lockheed: Cyber Attacks Increase, Targeting Suppliers

20 Percent of Attacks Were Advanced Persistent Threats

Lockheed Martin Corp., the Pentagon’s top supplier, cited dramatic growth in the number and sophistication of international cyber attack on its networks, and said Monday that it was contacting suppliers to help them shore up their security efforts, according to an article from Reuters.

About 20 percent of the threats directed at Lockheed networks were considered “advanced persistent threats,” prolonged and targeted attacks by a nation state or other group trying to steal data or harm operations, says Chandra McMahon, Lockheed vice president and chief information security officer (CISO).

She also says that the tactics and techniques used in the attacks were becoming more sophisticated, and attackers are clearly targeting Lockheed suppliers to gain access to information. The company’s own networks are fortified against attack, the article says.

Lockheed officials declined to say if any attacks had originated in Iran, which has been linked to recent denial-of-services attacks against U.S. financial institutions, the article says.

According to Roham Amin, Lockheed program director for the Pentagon’s Cyber Crime Center (DC3), internal analysis shows that the number of campaigns has grown, and multiple campaigns are often linked, Reuters reports.

Charlie Croom, Lockheed’s CP of cyber security solutions, says cyber security is a crucial area for Lockheed, but says it was difficult to pinpoint exactly how much business it generates because network security is part of nearly everything the company sells and does for the government. He also says that the company has annual sales of just under $47 billion, but he estimates that 5 to 8 percent of Lockheed’s revenues in the information systems sector were related to cyber security.

McMahon has said that a May 2011 attack on the company was started by stealing information from two of its suppliers, which was then used to launch the attack. She says Lockheed had been tracking the adversary for years before that attack and was able to prevent any loss of data by using its in-house detection and monitoring capabilities, Reuters reports.

According to Lockheed executives, social media, websites and malware introduced by emails remain the major areas of concern.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.