Chinese-backed hackers infiltrated the computer networks of airline, shipping and information technology companies responsible for transporting personnel and weapons for the U.S. military, a Senate investigation found.
There were 20 such breaches between June 2012 and May 2013, giving the hackers insight into military logistics and a foothold that could be used to disrupt operations, according to a report today by the Senate Armed Services Committee.
While public attention has focused on the hacking of companies like JPMorgan Chase & Co. and Home Depot Inc., the U.S. Defense Department confronts persistent digital incursions aimed at stealing military secrets and potentially disrupting vital computer networks. Private airlines provide more than 90 percent of Defense Department personnel movement and more than one-third of bulk cargo capability, according to the report.
“Peacetime cyber compromises of the networks of operationally critical contractors could prove valuable to foreign governments as a source of intelligence about network operations or to establish a foothold in contractor networks, either of which could be exploited in a contingency,” the committee said.
The Defense Department said in a statement that it takes the findings “very seriously” and that it’s addressing “gaps” identified in the report.
“This is a very high priority for the department,” according to the statement.
The report didn’t identify any of the companies that were successfully breached or reveal whether any information was stolen.
The top five companies, based on contracts awarded since 2010 by Transportation Command for shipping and transport services, are: FedEx Corp., Evergreen Holdings Inc., A.P. Moeller-Maersk A/S, United Parcel Service Inc. and Neptune Orient Lines Ltd., according to data compiled by Bloomberg Intelligence.
Hacking risks are growing and top the list of global threats, Director of National Intelligence James Clapper told the Senate’s intelligence committee in January. It was the second year in a row that hacking threats were the top concern.
There were 50 successful intrusions or other types of attacks targeting contractors of the Transportation Command during the one-year period reviewed by the Senate committee. At least 20 of those attacks were believed to be carried out by hackers from the Chinese government, according to the report.
Transportation Command was made aware of only two of the Chinese attacks, which is “a troubling finding given the potential impact of cyber intrusions on defense information and operations,” the committee wrote.
Chinese military doctrine advocates targeting logistics networks to hinder the Pentagon’s ability to operate during conflict, the committee said.
The report identified systematic problems in the command’s awareness of cybersecurity vulnerabilities and the sharing of information between agencies.
Many cyber intrusions weren’t reported to the command due to “a lack of common understanding” between it and the contractors about what needed to be flagged, the committee said. Additionally, other offices within the Defense Department, as well as the Federal Bureau of Investigation, were “frequently unaware that companies they had identified as victims of cyber intrusions were TRANSCOM contractors,” the committee said.
“These shortcomings left TRANSCOM uninformed about the overwhelming majority of cyberintrusions affecting contractor networks,” the committee said.