Lockheed Attack Linked to RSA?RSA SecurID Breach Could be at Root of Network Disruption
Speculation about a connection between Lockheed Martin's network disruptions and the RSA hack has been publicized by The New York Times and other media outlets, although no definitive link has been confirmed. Lockheed Martin, like numerous private and public sector organizations, uses RSA token products to secure its network access.
According to a statement, Lockheed Martin, the country's largest military contractor, is still investigating the root of the attack, now being referred to as "significant and tenacious," which was discovered May 21.
"The company's information security team detected the attack almost immediately, and took aggressive actions to protect all systems and data," Lockheed Martin says. "Our systems remain secure; no customer, program or employee personal data has been compromised."
In response, Lockheed Martin says it has taken action to increase systems security, adding that it felt confident about "the integrity of our robust, multi-layered information systems security."
On Sunday, Lockheed Martin CIO Sondra Barbour said in a statement to the company's 126,000 employees that the organization has been taking "aggressive actions" since the intrusion was detected. These actions included shutting down the VPN network and launching a plan to strengthen IT security. "These actions have included resetting all user passwords, upgrading our remote access SecurID tokens, and adding a new level of security to our remote access network log-on procedure," Barbour states.
Lockheed Martin, headquartered in Bethesda, Md., is a global security company employing roughly 126,000 people worldwide.
Implications Far-ReachingThe RSA breach was revealed in March by RSA Executive Chairman Art Coviello, who in a posting on the RSA website said the security vendor had been the victim of what he characterized as an extremely sophisticated attack aimed at its SecurID two-factor authentication products. A company investigation led officials to believe the attack is in the category of an advanced persistent threat. An APT refers to sophisticated and clandestine means to gain continual, persistent intelligence on a group such as a nation or corporation. Since then, RSA has worked with customers to explain and mitigate any potential damage resulting from the breach.
If a link between the RSA and Lockheed Martin attacks is comfirmed, the implications could be far-reaching for organizations across industry. RSA's token technology is widely used and for years has been regarded as being a top security product. [See RSA Breach: What Did We Expect?]
Josh Corman, research director of enterprise security at analyst firm The 451 Group, says the March attack on RSA highlights the vulnerability of having all intellectual security property in one proverbial bucket. "It seems scary when the intellectual property of a security firm is targeted," Corman says. "And when attackers are prioritizing and attacking your security infrastructure, it potentially prevents our ability to protect our environment. ... The bar isn't high enough to stave off the attacks," Corman says.
Soon after the RSA breach was discovered, Department of Homeland Security spokeswoman Amy Kudwa said the DHS was taking the hack of SecurID tokens seriously, adding that the department was working with RSA to investigate the attack.
"We take threats to our cyber infrastructure as seriously as we take threats to our conventional, physical infrastructure," Kudwa said.
RSA in March also listed nine recommendations for enhanced security in light of the breach. The Financial Services - Information Sharing and Analysis Center also released recommendations for financial institutions that could be impacted by a SecurID breach.
FS-ISAC recommends institutions:
- Protect against diirect attacks on SecurID servers and against the SecurID tokens;
- Reinforce awareness about phishing and the risks associated with social-networking sites;
- Protect user credentials and authenticators.