recommended reading

Hagel Wants Unclassified Sensitive Data Protected From Cyber Spying

Defense Department file photo

U.S. Defense Secretary Chuck Hagel has ordered the Defense Department to take steps to reduce cyber hackers' ability to gain access to unclassified controlled data, according to a Thursday report from the Pentagon's American Forces Press Service.

In an Oct. 10 memo laying out the new directives, Hagel said, "stolen data provides potential adversaries extraordinary insight into the United States' defense and industrial capabilities and allows them to save time and expense in developing similar capabilities."

Hagel has ordered the offices of the undersecretaries of Defense for acquisition, technology and logistics; policy; and intelligence, as well as the head Pentagon information officer, to cooperate in developing any needed alterations to department policy, recommendations and regulations in order to limit unauthorized entities from gaining access to unclassified sensitive data located on or transmitted through defense firms' computers or networks.

"Protection of this data is a high priority for the department and is critical to preserving the intellectual property and competitive capabilities of our national industrial base and the technological superiority of our fielded military systems," Hagel wrote.

The Pentagon's Defense Security Service, which works to minimize unauthorized access to U.S. weapons system details, in its fiscal 2012 report found that for the first time cyber espionage had become the favorite collection method for foreign entities seeking technical information about U.S. defense technologies.

A separate 2013 report by the Pentagon's advisory Defense Science Board concluded Chinese cyber sleuths had successfully gained access to the blueprints of a number of U.S. ballistic missile defense systems with roles in the Asia-Pacific.

The pilfering of unclassified controlled technical information has grown to become a major issue for U.S. industries, Pentagon spokeswoman Jennifer Eleza said. Among the unclassified but still-sensitive information being targeted is data on systems production, parts manufacturing, schematics, engineering, defense system requirements and concepts of operations.

The Pentagon has proposed amending its rules for acquisition and contracting, according to Eleza. The suggested changes would mandate that defense contractors include certain security protocols in their networks and report when cyber-breaches result in the theft of unclassified controlled data.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.