Lockheed Strengthens Network Security After Hacker Attack

Lockheed Martin said on Sunday that it had stepped up its investigation into a sophisticated hacking attack on its computer networks and bolstered security measures for gaining remote access to its systems

Lockheed and RSA Security, which supplies coded access tokens to millions of corporate users and government officials, said they were still trying to determine whether the attack had relied on any data that hackers had stolen from RSA in March or if it had exploited another weakness.

Lockheed, which is based in Bethesda, Md., said on Saturday night that the attack, which occurred on May 21, was “significant and tenacious.” Lockheed officials said they had stopped the attack shortly after hackers got into a system, adding that no customer or company data was compromised.

Sondra Barbour, Lockheed’s chief information officer, sent a memo to the company’s employees on Sunday, saying that its systems remained secure. She said Lockheed had quickly shut down remote access to its network after the attack began.

Still, the attack was significant enough that it was described in briefing materials provided to President Obama, the White House spokesman, Jay Carney, said on Sunday. He said the damage was “fairly minimal.”

Government officials have said Lockheed Martin, the nation’s largest military contractor, and other military companies face frequent attacks from hackers seeking national security data.

Officials at Lockheed and RSA Security, a division of the EMC Corporation that provides the SecurID brand of electronic access tokens, said they were working with federal officials to investigate how the attack occurred and who was behind it.

Ms. Barbour said Lockheed also had accelerated a plan to increase network security. The company has upgraded the SecurID tokens supplied by RSA and is resetting all user passwords. Lockheed also switched to eight-digit access codes from four-digit codes, which are randomly generated by the tokens.

Lockheed officials said on Friday that the attack on its systems might have been linked to one on the RSA network in March. At the time, RSA said it had sustained a data breach that could have compromised some of its security products. Its announcement shocked computer security experts, particularly because its systems are widely used.

Shortly after RSA announced that breach, Lockheed, like many other large companies, said it had added an additional password to the process employees used to connect to its system from remote locations.