UPDATED 06:46 EDT / MAY 31 2011

Lockheed Martin Network Disruption Connected to RSA SecurID

sr71-blackbird Last Friday, the network of Lockheed Martin, the largest U.S. defense contractor, suffered a disruption that has reportedly been connected to RSA SecurID tokens—little keychain fob dongles that use a crypto algorithm to cycle a numerical token every 60 seconds, a sort of rotating password, if you will. Lockheed themselves declined to discuss any specifics with Reuters, but this news is still making the rounds.

Best known for their aeronautics work on the F-22 and F-35 fighter planes and other U.S. weapon systems, such a disruption or even penetration of Lockheed’s network brings with it a lot of grim speculation. The network hack manifested itself as a disruption (or a slowing down of queries) when security personnel first noticed suspicious activity amid the employee connections. As a result, Lockheed intentionally took their VPN offline in order to investigate.

As we might recall, EMC’s security division, RSA, suffered a hack in March that exposed some cryptographic information directly related to the SecurID dongles. This fact already generated some storms in the politics of security in the cloud as many companies use RSA’s crypto technology to protect themselves from cyber threats and discourage intrusions.

The slowdown began on Sunday after security experts for the company detected an intrusion to the network, according to technology blogger Robert Cringely. He said it involved the use of SecurID tokens that employees use to access Lockheed’s internal network from outside its firewall.

A spokesman for EMC Corp (EMC.N), whose RSA division makes the tokens, declined to comment, saying it is company policy to never discuss security issues affecting specific customers.

No doubt, if they are connected it will be a black-eye for EMC and RSA’s security credibility. Even if it’s not, they’re deploying damage control because the possibility that the hack was involved does not portray them in a good light. However, as they do act as a security vendor for Lockheed Martin, they will probably be deeply involved in assisting the investigation, which means they might come out the hero in this if they can turn this crisis into a learning experience for everyone who uses dongle-based crypto-security.

Step one, according to Steve Winterfeld of TASC, a company spun off from Northrop Grumman, will be for RSA to release further information about the facts and disposition of the intrusion they suffered in March. The communication blackout concerning their role (and what may have been lost) is generating a lot of negative sentiment and paranoia about the reliability of their products in the wake of these new revelations.

“You have no idea how many people are freaked out right now,” Winterfeld told Reuters. “TASC is no longer treating the RSA device as if it were as secure as it was beforehand.”

EMC says that after they revealed the breach in March they immediately worked with the Department of Homeland Security to publish a note on the March attack. They also addressed the situations of individual customers on their security—which hopefully involved releasing new cryptographic keys, although the outcome has been characterized as “advice” in the media. Also those meetings have been covered with nondisclosure agreements so they’re opaque to observation of exactly what was done.

Right now it’s hard to say exactly what’s going on with the Lockheed Martin network disruption and its connection to SecurID. All of the players involved aren’t discussing the matter, the bloggers in question are making connections based on correlation rather than detailed evidence of causation, and security is a hot-button issue that tends to cause people to react before they think.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU