Cyber Incident Victim: Defense Contract Management Agency

Date: Jan 2015

Location: United States of America

Summary

The Defense Contract Management Agency experienced a cybersecurity breach involving suspicious activity on a public-facing server, prompting an investigation and the temporary shutdown of affected systems including its main website and employee telework resources. While the agency stated no sensitive data or personal information was compromised, internal sources reported major system disruptions and described ongoing issues suggesting broader operational problems beyond publicly acknowledged maintenance. A Department of Defense cyber protection team assisted with network security enhancements during the outage, though the full scope of the intrusion remained undisclosed. Normal operations continued for unaffected network services while corrective actions were implemented.


Description

On January 28, 2015, the Defense Contract Management Agency (DCMA) detected suspicious activity on a public-facing server, prompting an immediate investigation. The agency, responsible for administering Department of Defense contracts including Foreign Military Sales, took corrective action by intentionally taking its main website and affected servers offline while maintaining normal operations for other network systems. DCMA spokesman David Wray confirmed the incident but stated no evidence indicated compromise of DCMA, DoD, or Defense Industrial Base data, nor any exposure of Personal Identification Information. A cyber protection team from the Joint Forces Headquarters, Department of Defense Information Network, collaborated with DCMA to investigate the breach and enhance network security measures. The agency’s public notification described the outage as temporary, with restoration efforts underway, but provided no specifics about the intrusion’s nature or scope.

Internal sources reported broader system disruptions beyond the official statement, citing "major system issues" affecting multiple internal resources. Employees described operational challenges with the telework systems essential for reviewing federal contracts between external companies and the DoD, though DCMA leadership's communications attributed the disruptions to "unscheduled maintenance". Anonymous agency personnel suggested the problems indicated a larger unresolved issue, contradicting the public characterization of the incident. The investigation remained ongoing as of February 10, 2015, with no further details released regarding attack vectors, potential threat actors, or forensic findings. Service restoration timelines and full operational impacts were not disclosed publicly during the initial response phase.
