Defense Contract Management Agency Investigating Possible Cyber Breach

By Eric Noonan • February 10, 2015

In the latest cybersecurity breach, the Defense Contract Management Agency (DCMA), which is responsible for administering contracts on behalf of the Department of Defense (DoD), has taken several of its servers offline in response to a potential cybersecurity incident. According to KrebsOnSecurity, a Cyber Protection strike team from the DoD is now working closely with the DCMA to elevate its security posture following the incident.

“So far, no DCMA, DoD or Defense Industrial Base data nor any personal identification information has been breached (…) DCMA’s website has been intentionally taken offline while the team investigates the activity,” the spokesperson says. “All other network operations have proceeded as normal (…)”

David Wray, DCMA Spokesman

The two-week-long “Corrective Action” message found on the home page of the DCMA.

According to an unidentified source in the DCMA, the agency has been having “major system issues, including a number of internal systems.” This incident adds to the string of cyber attacks on US Government systems, which includes the attack on U.S. Central Command’s Twitter and YouTube accounts, the United States Postal Service data breach, the National Oceanic and Atmospheric Administration website compromise, and the White House’s unclassified network breach.

What was the Attack Vector?

DCMA employees leverage resources for telework to review federal contracts between external companies and the DoD. At CyberSheath, we have seen a number of successful cyber attacks leverage these third-party relationships and integrations to gain access to the internal trusted network of a partner. This methodology also follows the trends of recent attacks against the US Government. However, this is only speculation, as we do not have enough information to determine who the attackers were or how they breached DCMA.

What was the Motivation?

It is highly likely that hackers targeted DCMA in an effort to obtain intel on the entities that hold specific contracts for the DoD so that they may target those entities and breach more sensitive networks. Alternatively, the groups responsible may be trying to release confidential information to the public to embarrass the US Government. In either case, this attack may set the stage for a greater incident in the coming weeks.
