RSA to replace SecurID tokens following breaches

Amid a wave of cyberattacks against Lockheed and other companies, the SecurID maker is offering to replace the tokens for customers concerned about risk to their networks and data.


Following recent cyberattacks against several defense contractors, in which hackers breached security using stolen SecurID keys, SecurID maker RSA is promising to replace the tokens for customers concerned about the vulnerability of their network data.

In an open letter to all SecurID customers, RSA Executive Chairman Art Coviello acknowledged that the likely motive behind the March theft of SecurID token information was to obtain defense secrets and related intellectual property. RSA specifically warned customers at the time that the theft could breach their security.

In late May, defense contractor Lockheed Martin revealed that it had been attacked by intruders who had created duplicates of the stolen SecurID keys. Incidents also occurred at L-3 Communications and Northrop Grumman. Security experts have told CNET that the attacks could be tied to cyberespionage campaigns waged from China.


A SecurID token generates a constantly changing series of numbers that employees of a company can use in combination with their own passwords to access their corporate networks.

Though unrelated to the SecurID incident, a wave of cyberattacks has recently hit other companies, including Epsilon, Sony, Google, PBS, and Nintendo, which Coviello said "point to a changing threat landscape and have heightened public awareness and customer concern."

In an effort to calm customers worried about their own security, Coviello said that although he remains confident in SecurID as an authentication system, RSA will expand its security efforts in two key ways:

• It will replace the SecurID tokens for customers that need to protect their intellectual property and corporate networks, which in essence could apply to all of the company's customers.

• It is offering to set up specific "risk-based authentication strategies" for customers with a large number of users who typically conduct online financial transactions.

Coviello is promising to work with customers to review their risk levels and user base to determine which option would be most effective and yet the least disruptive to their operations.

Beyond these measures, Coviello said that the company plans to continue to invest in its SecurID technology in an attempt to strengthen its authentication and its ability to detect "suspicious behavior targeted at networks, transactions and user sessions."

About the author

Journalist, software trainer, and Web developer Lance Whitney writes columns and reviews for CNET, Computer Shopper, Microsoft TechNet, and other technology sites. His first book, "Windows 8 Five Minutes at a Time," was published by Wiley & Sons in November 2012.

 
