Menu
US military unaware of Chinese attacks against transport contractors

US military unaware of Chinese attacks against transport contractors

The Defense Department has been ordered to close gaps in how cyber incidents are reported

The U.S. Defense Department plans to tighten reporting of cyber incidents against transportation contractors after the military found it was mostly left in the dark about successful attacks from China, according to a Senate report.

The Senate Armed Service Committee released on Wednesday an unclassified version of a report commissioned last year to investigate cyberattacks against contractors for the U.S. Transportation Command (TRANSCOM).

TRANSCOM relies on an extensive network of civilian airline and shipping contractors to move supplies and people during a crisis.

It alleges the Chinese military successfully stole emails, documents, login credentials and more from contractors, but few of those incidents were ever reported to TRANSCOM.

During a one-year period starting in June 2012, TRANSCOM contractors endured more than 50 intrusions, 20 of which were successful in planting malware. TRANSCOM learned of only two of the incidents. The FBI, however, was aware of 10 of the attacks.

In 2010, TRANSCOM began requiring its contractors to report cyber incidents. The measure applied to 80 companies, but through August 2013 the agency received only those two reports.

In some cases, the FBI and Defense Department had identified companies that were victims of cyberattacks but were unaware the companies were TRANSCOM contractors, the report said.

"Peacetime cyber compromises of operationally critical contractors could prove valuable to foreign countries, such as China, as a source of intelligence about network operations," it said.

In one instance in 2013, the report said China's military conducted a spear-phishing campaign against commercial logistics companies. Spear-phishing involves targeting key employees of an organization via email and trying to trick them into installing malware.

One of the companies ended up with malware on their network after an attack, the report said.

As a result of the report, the Senate Armed Services Committee inserted a provision in the fiscal year 2015 defense budget requiring tighter reporting for contractors.

The Defense Department has also been ordered to establish new procedures to help contractors detect and stop cyberattacks.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securityintrusionU.S. Senate Armed Services Committee

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments