Defense Department partners with industry to stem staggering Cybertheft losses.

• Author: Magnuson, Stew
• Position: Cybersecurity

* The amount of intellectual property hackers are stealing from U.S. companies and sending to China is said to be staggering. The private sector's crown jewels arc being moved off nominally secure networks and transmitted to the Asian nation every day: usually from 9 to 5--Beijing time.

Defense contractors, large and small, are prime targets. Despite owning proprietary designs for equipment and software that are vital to the U.S. military, the Defense Department has no authority to force vendors to tighten up their network security, or report losses.

One small Defense Department program is seeking to help contractors by asking them to voluntarily report network intrusions.

About 36 companies and federally funded research and development centers are participating in the Defense Industrial Base Cybersecurity and Info Assurance Program, which collects and analyzes data on attacks on individual companies, then pushes reports out to the other participants.

Steven D. Shirley, executive director of the Department of Defense Cyber Crime Center in Linthicum, Md., said he is looking to expand the program to any defense contractor willing to participate.

"For companies, the intellectual property that is at the heart of their success as a business resides not in file cabinets today, it resides in their networks," Shirley told National Defense.

Cyberspies are looking for trade secrets: "The stuff that makes Acme company Acme company and enables it to compete in the marketplace," Shirley added.

Army Gen. Keith Alexander, commander of U.S. Cyber Command, said the ex-filtration of data from U.S. companies continues on a massive scale. It is the "greatest raid on intellectual property" in history, he said at the Maneuvering in Cyberspace conference in Linthicum, Md. One company he did not name had lost $ 1 billion in technology it had taken more than 20 years to develop, he said.

Lockheed Martin and Booz Allen Hamilton announced that they were infiltrated this year, but the only reason they could do so is "because they are good." They have the ability to detect intrusions. The bad companies, of which there are hundreds of times more than those two examples, have no idea that they have been compromised, Alexander said.

[ILLUSTRATION OMITTED]

Two reports released recently illustrate how far-reaching hackers have become.

Computer security firm McAfee examined the logs of an infected server to determine who the victims were, and how long the intrusions lasted before the operation was detected. It found 30 different industries on the list. Many were indeed military contractors and information...