The Defense Contract Management Agency, the U.S. federal government entity responsible for performing contract administration services for the Department of Defense, is responding to a suspected cybersecurity breach and has pulled a number of its servers offline while the investigation continues, KrebsOnSecurity has learned.
A notice posted to the DCMA’s home page communicates little about the investigation, other than to note that “corrective action is in progress,” and that “work is being done to restore service as quickly as possible.”
Contacted about the outage, DCMA spokesman David Wray said suspicious activity was detected on a DCMA public-facing server January 28, resulting in an ongoing investigation.
“So far, no DCMA, DoD or Defense Industrial Base data nor any Personal Identification Information has been breached. A cyber protection team from Joint Forces Headquarters, Department of Defense Information Network, is working with DCMA to enhance network security. DCMA’s website has been intentionally taken offline while the team investigates the activity. All other network operations have proceeded as normal.”
Wray declined to elaborate on the nature or extent of the intrusion. However, sources within the DCMA say the agency has been having “major system issues, including a number of internal systems.”
“We have been told it was due to issues with unscheduled maintenance, but the regular emails from [DCMA higher-ups] seem to indicate a larger, unspoken problem,” said one DCMA employee who asked to remain anonymous.
Sources say the problem relates not just to the DCMA’s main Web site but to resources that DCMA employees use for telework to review federal contracts between external companies and the Department of Defense.
This is a developing story. More as it becomes available. Stay tuned.