LOLITA C. BALDOR
Associated Press Writer
WASHINGTON—Cyber hackers nearly two years ago breached a high-tech jet fighter program developed for the Pentagon by Lockheed Martin Corp., but classified information was not compromised, a senior defense official said Tuesday.
No details about the attacks were provided. The defense official spoke on condition of anonymity because of the sensitive nature of the issue.
In confirming the attack on Lockheed's F-35 Lightning II program, also known as the Joint Strike Fighter, the defense official said it is unclear who did it, or whether it was an attempt at corporate thievery or a hacker trying to harm the program. The Pentagon is expected to pay about $300 billion to buy nearly 2,500 of the F-35 jets for the Air Force, Navy and Marines.
The cyber spying revelations come as the White House is preparing to release its review on the nation's cyber security. There have been increasingly frequent warnings that U.S. networks are at risk and repeatedly are being probed by foreign governments, criminals or other groups.
Lockheed officials issued a carefully worded statement saying that "to our knowledge there has never been any classified information breach" but that the company's systems are continually attacked, and there are measures in place to detect and stop the hacking.
The statement did not specifically deny a breach into unclassified information or less sensitive areas of the program. The cyber attacks were first reported by The Wall Street Journal.
Pentagon spokesman Bryan Whitman said Tuesday that Defense Department networks are probed repeatedly every day, and the number of intrusion attempts have more than doubled. While he would not discuss the Lockheed incident, he said there obviously are some computer programs that are far less sensitive or classified than others. Whitman cautioned that hackers' ability to get information out of military systems should not be overestimated.
Whitman described a layered approach to the government's protections, saying that as the information becomes more sensitive, it is more walled off and safeguarded.
"We view cyberspace as a war-fighting domain ... and we are going to defend it and protect it," Whitman said. "The key is to stay one step ahead of your enemy."
Defense Secretary Robert Gates told CBS News on Tuesday: "We are under cyberattack virtually all the time, every day here. We think we have pretty good control of our sensitive information, both with respect to intelligence and equipment systems."
Gates said he is dramatically increasing the resources for cyber experts,
"We're going to more than quadruple the number of experts in this area," he said. "This is going to be an enduring problem."
Another official familiar with the program said that the more classified portions of the fighter program are digitally walled off and have heightened protections built in.
That official added that outside cyber scans of the fighter program are not new, and that they could well involve subcontractors and suppliers around the world. Those scans may not involve critical, classified systems, the officials said.
Lockheed Martin Corp. is the lead contractor on the jet, with a number of other companies that include Northrop Grumman Corp. and BAE Systems making parts and systems for the plane.
According to U.S. counterintelligence officials, this is not the first military jet program that has been hacked.
During a speech in Texas this month, Joel Brenner, head of the U.S. Office of the National Counterintelligence Executive, said that officials have seen counterfeit computer chips "make their way into U.S. military fighter aircraft."
Brenner added: "You don't sneak counterfeit chips into another nation's aircraft to steal data. When it's done intentionally, it's done to degrade systems, or to have the ability to do so at a time of one's choosing."
His comments were not related to the F-35, according to administration officials. Brenner also has warned that careless, laid-off or disaffected employees can often be the root of corporate cyber leaks. Foreign governments or groups, he said, plan computer attacks that take advantage of sloppy workers or bad network management practices.