The recent wave of reporting on compromises at federal contractor organizations has certainly been alarming. A number of theories and conspiracy claims have followed. At the root of these theories is a common thread derived from the RSA compromise, in which it is believed that the cryptographic keys for SecurID may have been taken. What these events mean to the enterprise, however, remains to be seen. With absolute certainty, federal institutions and their affiliates will be on watch for continued attacks, and if the attacks are indeed RSA-related, we can be sure that they are addressing the deficiencies by all technological means possible.
The first reported attack was on Lockheed Martin: a breach of communication security was reported, and the contractor shut down its network in response. L-3 Communications, another large federal contractor, reported being actively targeted by penetration attacks. An association with RSA was implied, but with few details. Northrop Grumman was reported to have been subjected to a cyberattack last week; again, the response was a shutdown of the network.
At this time, EMC and its RSA products cannot exactly be placed at fault. Without details, that causal connection does not materialize. The common thread that these federal contractors are RSA customers is likely explained by the fact that they are highly security-focused environments that have such tools in the first place. That is not to say this is not a threat, however, so the enterprise must react accordingly and scrutinize every piece of its security environment, as sound practice dictates it should.
One insider at RSA shares the following:
“The reason that there has not been a clear and reputable explanation of the event by RSA is that we do not have an indication that we are involved. While it is clear that there was an incident, little about the specifics of the intrusion has been made public by Lockheed.”
“We are not able to discuss the security matters of another customer publicly.”
“Any speculation about SecurID at this point is just that – speculation. It looks like some bloggers drew a connection between our incident and the incident at Lockheed, and the press ran with the speculation.”
He further concedes:
“It is possible that there is more information which has not yet surfaced.”
“Customers like Lockheed get attacked constantly and this one happened to be newsworthy. But there are specific things being reported which are completely false.”
This response indicates that Lockheed and the other contractors are the ones positioned to respond and share details. These are details we may never receive at all, given the national-security sensitivity of this realm.
Among the unconfirmed notions and theories in circulation is whether these events constitute a national security attack: a coordinated, deliberate raid on security secrets by a foreign entity, government, or coalition. Another reported theory is that the attacks are being executed by freelance criminals, selling whatever secrets they can grab to the highest bidder. Corporate espionage has been mentioned in some circles, with the convenient perception that we would blame another country while secrets were being procured for competitive advantage. Yet another theory is that some entity in the security field is demonstrating its power and driving business to security products with these attacks. One story framed these events as a classic spy plot, complete with a murder and miscellaneous subterfuge. None of these theories, ranging from the likely to the very unlikely, can be invalidated without further details, and they will persist without further disclosure. Unconfirmed rumors that these attacks appear to be U.S.-based have also been reported, potentially lending credence to one, any, or all of the above.
The take-away from all of these events is not very obvious because of the intrigue and the targets involved. Make no mistake: these are high-level, critical security organizations that have to date done security as well as it can be done, and they are reacting accordingly. This is not a Sony scenario (or fiasco, as some would put it). The only appropriate disclosure may very well be that these attacks have reportedly been overcome and that all known technical deficiencies have been addressed with further technology, process, and people.
That, in essence, is the grand take-away: organizations need to remain committed to vigilance, response, and proper focus on a comprehensive security plan. If you are an RSA customer, question the integrity of that technology, but do so with the same rigor you apply to everything else. Rest assured that no technology is 100% impermeable, and address your entire security plan accordingly.