When a defense contractor gets hacked repeatedly, you know cybersecurity is a problem

QinetiQ North America, a prominent defense contractor to the U.S. government, endured extensive on-again-off-again hacks in 2007-2010 from spies in China, resulting in the loss of many terabytes of sensitive data, including more than 10,000 passwords, chip architecture for military robots and weapon information, according to an article from Bloomberg Thursday.

The hackers accessed confidential data across multiple facilities from laptops and servers alike, the article stated. To avoid being observed on a company network, in one instance the hackers siphoned out data in small quantities. And QinetiQ’s own employees apparently removed software put on their computers to detect malware after becoming frustrated with how it impacted the performance of their computers: with the IT department’s permission.

Depite the known hacks, the federal government awarded a cybersecurity contract to QinetiQ in 2012, according to the article. QinetiQ sells two cybersecurity products, the Knowledge Discovery Appliance and the Social Engineering Protection Appliance among other offerings, although the article noted that many defense contractors have also suffered from cyberattacks.

While federal agencies have investigated the hacks, QinetiQ retains its ability to work with military technology, according to the Bloomberg report, even though hacks have resurfaced many times over a several-year period, and even when it’s in the government’s best interest to shut down what has effectively served as a back door into federal networks. The article reported that “the State Department lacks the computer forensics expertise to evaluate the losses.” That’s pretty bad — and the problem might only get worse as the the federal government looks at ways to consolidate its IT footprint.

Following on a string of cyberattacks on companies earlier this year, the news of the QinetiQ hacks is another example of the need for better security protections for businesses and other organizations. It also calls into question whether the feds can do more to prevent cyberattacks.

And it points to an opportunity. If this is the golden age of enterprise IT, brought on by big disruptions such as cloud computing and the bring-your-own-device trend, security could become an even hotter space over the next few years for VCs to back.

Feature image courtesy of Shutterstock user alexskopje.