Navy Must Work To Secure Its Platforms, Networks And Installations From Cyber Attack

[InfoSec News <alerts () infosecnews org>]

https://www.realcleardefense.com/articles/2019/11/14/navy_must_work_to_secure_its_platforms_networks_and_installations_from_cyber_attack_114851.html

By Dan Goure
RealClear Defense
November 14, 2019

The threat to the U.S. Navy from cyber intrusion has become a crisis. Hackers, 
particularly those from Russia and China, are not limiting themselves to 
attacks on computers and networks. Now they are engaged in a massive assault on 
the entire Navy enterprise, including ships, weapons systems, research and 
development establishments, the supply chain, and shore facilities. According 
to a recent report, the Navy and its private sector partners are inadequately 
prepared to deal with the growing threat. But the Navy is working to improve 
the security of its systems and networks. It is requiring industry to get 
secure. Critical to this effort will be the adoption of technologies and 
techniques that provide continual monitoring of all networks and devices and 
the prompt identification and isolation of non-compliant devices and software.

Evidence that a massive cyber campaign is being waged against the Navy, and 
every organization associated with it is mounting. The defense industrial base 
and associated supply chains are under constant assault. The hackers have two 
objectives: steal U.S. defense secrets and undermine confidence in the ability 
of the industrial base to function during a conflict. In 2018, Chinese 
government hackers successfully penetrated a major Navy contractor’s network, 
making off with more than 600 GB of sensitive and secret data, including 
information on a Navy program to develop a supersonic anti-ship missile. The 
Navy’s shore infrastructure is being subjected to repeated attacks. Hackers 
particularly go after the facility-related control systems that monitor and 
direct critical functions such as utilities, fire and safety, and security. It 
is worth noting that the Department of Defense has recognized the problem of 
control systems’ vulnerabilities and has a list of tested and approved control 
system products.

Even ships may be vulnerable to cyber intrusions. Several years ago, the Navy 
found major cyber vulnerabilities in the networks of the new Littoral Combat 
Ship. Cyber attacks may constitute a particularly serious problem for logistics 
vessels providing critical support for U.S. operations overseas. The Coast 
Guard has sent out two alerts this year alone reporting on hacking attacks on 
the navigation and networks of commercial vessels in international waters. This 
should not be surprising since the major systems on both commercial and 
military vessels are increasingly managed by automated control systems and 
sensors. The potential vulnerability of Navy vessels to cyber attack is likely 
to get worse as the service works to build a larger fleet, deploy unmanned 
vessels, implement distributed operations, and expand its networks.

In March 2019, the Navy published its Cybersecurity Readiness Review. The 
report declared that “competitors and potential adversaries have exploited DON 
information systems, penetrated its defenses, and stolen massive amounts of 
national security I.P." A primary focus on these hacking campaigns has been to 
penetrate the systems and networks on which the Department of Defense and the 
defense industrial base rely to design, build, mobilize, deploy, and sustain 
forces. Perhaps even more damaging has been the concerted effort by these 
enemies to target the U.S. economy and, in particular, the industrial base. Not 
only is the long-term health of the U.S. economy, on which a strong military 
relies, at risk, but so too is the military-technical superiority which 
provides the Navy with the basis for victory in conflict. The report warns that 
if the ongoing deluge of cyber assaults is not successfully countered, U.S. 
national security and the ability of the United States to prevail in a future 
great power confrontation will be at risk:

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_