WASHINGTON — Boeing on Thursday confirmed that it had been hit by the WannaCry ransomware attack, but the company says the problem was limited to “a few machines” on its commercial side and did not spread into its defense business.
According to The Seattle Times, which broke the story Thursday, Boeing Commercial Airplanes’ chief engineer for production engineering Mike VanderWel issued a memo to employees shortly after the virus had been discovered. He believed that the cyber attack may have forced some of the machines used to produce the Boeing 777 to crash.
That lead to speculation within the defense community that the attack could have also impacted production of Boeing’s commercial derivative planes such as the U.S. Air Force’s KC-46 tanker or Navy’s P-8 maritime surveillance aircraft, or even compromised those planes’ components or computing equipment.
When Boeing confirmed the attack on Thursday night, officials downplayed the attack.
“Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems,” Linda Mills, vice president of communications for Boeing Commercial Airplanes, said in a written statement. “Remediations were applied and this is not a production or delivery issue.”
Mills later told The Seattle Times that, in fact, the ransomware had never actually caused any of the 777 tooling to shut down. Instead, the virus was contained to a small number of computers used by the Commercial Airplanes division in North Charleston, S.C., with no effect to Boeing Defense, Space and Security.
“The vulnerability was limited to a few machines,” she said. “We deployed software patches. There was no interruption to the 777 jet program or any of our programs.”
Sign up for our Daily Brief Get the top Cyber headlines in your inbox every weekday morning.
The WannaCry virus affects computers running the Microsoft Windows operating system and holds the system ransom in exchange for Bitcoin or other cryptocurrency. After WannaCry was discovered in 2017, Microsoft developed software patches to prevent computers from becoming victims. However, hackers have tweaked the original code producing new versions of the virus.
It’s not clear from Boeing’s statement if the machines attacked had been sufficiently patched.
The United States government has said that North Korea is likely behind the original ransomware.
Although the cyberattack may not have directly impacted Boeing’s military programs, Defense Department officials and politicians will very likely have questions for company executives on how Boeing protects its facilities from cyber threats.
On Thursday morning, Air Force Chief of Staff Gen. Dave Goldfein said he had not yet been briefed on whether the attack holds any significance for Air Force programs like the KC-46, a derivative of the Boeing 767 manufactured on the commercial production line in Everett, Washington.
“Now what we’re doing is doing the analysis to see what does that really mean to us, and so it’s really too early to tell,” he said.
In February, Patrick Shanahan, the deputy secretary of defense, said the Pentagon and its contractors need to take a more rigid and uncompromising approach to cybersecurity.
Valerie Insinna is Defense News' air warfare reporter. She previously worked the Navy/congressional beats for Defense Daily, which followed almost three years as a staff writer for National Defense Magazine. Prior to that, she worked as an editorial assistant for the Tokyo Shimbun’s Washington bureau.