WASHINGTON — The Defense Department suffered one of its worst digital attacks in history in March, when a foreign intelligence service hacked into the computer system of a corporate contractor and obtained 24,000 Pentagon files during a single intrusion, senior officials said Thursday.
The disclosure came as the Pentagon released a strategy for military operations in cyberspace, embodying a belief that traditional passive programs for defending military and associated corporate data systems are insufficient in an era when espionage, crime, disruptions and outright attacks are increasingly carried out over the Internet.
In releasing the strategy, William J. Lynn III, the deputy defense secretary, disclosed that over the years crucial files stolen from defense and industry data networks have included plans for missile tracking systems, satellite navigation devices, surveillance drones and top-of-the-line jet fighters.
“A great deal of it concerns our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems and network security protocols,” Mr. Lynn said.
Officials declined to identify the military contractor whose data system was compromised in the March attack. They also refused to name the nation they suspected was the culprit, saying that any accusation was a matter of official, and perhaps confidential, diplomatic dialogue.
However, when major intrusions against computers operated by the Pentagon, the military or defense industry contractors have occurred in the past, officials have regularly blamed China, and sometimes Russia.
The hacking attack in March, which stole important Pentagon files in the computer network of a contractor developing a military system, had not been previously disclosed. Other breaches have been discussed, including earlier this year at Lockheed Martin, the nation’s largest military contractor, and at RSA Security, which produces electronic identification for computer users.
“Current countermeasures have not stopped this outflow of sensitive information,” Mr. Lynn said during a speech at the National Defense University. “We need to do more to guard our digital storehouses of design innovation.”
The Pentagon’s new strategy, the final piece of an effort by the Obama administration to defend computer networks operated across the government and private sector, calls for what is termed dynamic defense: looking for potential attackers on the Internet rather than waiting for an intruder to attack. It also calls on the Pentagon to build resiliency into its computer networks to help recover if attacked.
Mr. Lynn also stressed the importance of cooperation with foreign partners to spot computer network threats overseas, before they compromise systems here.
But James Lewis, an expert on computer network warfare at the Center for Strategic and International Studies, said the Pentagon’s computer networks were vulnerable to security gaps in the systems of allies with whom the military cooperates. America’s allies are “all over the map” on cybersecurity issues, Mr. Lewis said. “Some are very, very capable — and some are clueless.”
The military’s Cyber Command was created to coordinate defensive and offensive operations for Pentagon and military computer networks. Officials speak obliquely of its capabilities for carrying out offensive operations in cyberspace if ordered by the president. And for now, the new strategy is centered on how the United States can defend itself.
But Gen. James E. Cartwright, the vice chairman of the Joint Chiefs of Staff, said the Pentagon also had to focus on offense — including the possibility of responding to a cyberattack with military action.
“If it’s O.K. to attack me, and I’m not going to do anything other than improve my defenses every time you attack me, it’s very difficult to come up with a deterrent strategy,” General Cartwright told reporters on Thursday.