The United States Transportation Command (USTRANSCOM) is working to improve its cybersecurity infrastructure to prevent breaches of industry partners, like the breaches of USTRANSCOM contractors that began June 1, 2012, in which Chinese hackers carried out 20 successful intrusions over a period of 12 months.
During a Senate Armed Services Committee hearing on U.S. European and Transportation Commands, Gen. Stephen Lyons, Commander at USTRANSCOM, said it would be problematic if an “advanced, persistent threat actor” were on the systems of private sector partners.
“We’ve introduced language into our contracts, we do self-assessments—we do a level of analysis on that,” Gen. Lyons said when asked what steps they were taking to prevent breaches into USTRANSCOM systems via private sector partners.
Sen. Angus King, I-Maine, suggested that more should be done to prevent any future breaches and that self-analysis wasn’t enough to make him sleep peacefully at night. Sen. King asked whether red teams were in place to run mock attacks on private sector partners as an exercise to expose vulnerabilities, to which Gen. Lyons said there were not.
“I would urge you to consider that as an option—in other areas of the government that’s been very effective,” Sen. King said.
Sen. Marsha Blackburn, R-Tenn., asked for an update on how USTRANSCOM is responding in the years since the breach by Chinese hackers and how they’re dealing with contractors. Gen. Lyons told the Senate Armed Services Committee that USTRANSCOM was approaching things from several angles including maintaining a high level of collaboration with U.S. Cyber Command, updating contractual language for industry partner contracts, and ensuring industry partners meet the standards of the National Institute of Standards and Technology.
“I tell folks this is a war-fighting domain, so there’s no one thing that’s going to solve this, so we’ve got multiple things going on,” Gen. Lyons said.