https://www.realcleardefense.com/articles/2019/11/14/navy_must_work_to_secure_its_platforms_networks_and_installations_from_cyber_attack_114851.html
By Dan Goure
RealClear Defense
November 14, 2019
The threat to the U.S. Navy from cyber intrusion has become a crisis. Hackers,
particularly those from Russia and China, are not limiting themselves to
attacks on computers and networks. Now they are engaged in a massive assault on
the entire Navy enterprise, including ships, weapons systems, research and
development establishments, the supply chain, and shore facilities. According
to a recent report, the Navy and its private sector partners are inadequately
prepared to deal with the growing threat. But the Navy is working to improve
the security of its systems and networks. It is requiring industry to get
secure. Critical to this effort will be the adoption of technologies and
techniques that provide continual monitoring of all networks and devices and
the prompt identification and isolation of non-compliant devices and software.
Evidence that a massive cyber campaign is being waged against the Navy, and
every organization associated with it is mounting. The defense industrial base
and associated supply chains are under constant assault. The hackers have two
objectives: steal U.S. defense secrets and undermine confidence in the ability
of the industrial base to function during a conflict. In 2018, Chinese
government hackers successfully penetrated a major Navy contractor’s network,
making off with more than 600 GB of sensitive and secret data, including
information on a Navy program to develop a supersonic anti-ship missile. The
Navy’s shore infrastructure is being subjected to repeated attacks. Hackers
particularly go after the facility-related control systems that monitor and
direct critical functions such as utilities, fire and safety, and security. It
is worth noting that the Department of Defense has recognized the problem of
control systems’ vulnerabilities and has a list of tested and approved control
system products.
Even ships may be vulnerable to cyber intrusions. Several years ago, the Navy
found major cyber vulnerabilities in the networks of the new Littoral Combat
Ship. Cyber attacks may constitute a particularly serious problem for logistics
vessels providing critical support for U.S. operations overseas. The Coast
Guard has sent out two alerts this year alone reporting on hacking attacks on
the navigation and networks of commercial vessels in international waters. This
should not be surprising since the major systems on both commercial and
military vessels are increasingly managed by automated control systems and
sensors. The potential vulnerability of Navy vessels to cyber attack is likely
to get worse as the service works to build a larger fleet, deploy unmanned
vessels, implement distributed operations, and expand its networks.
In March 2019, the Navy published its Cybersecurity Readiness Review. The
report declared that “competitors and potential adversaries have exploited DON
information systems, penetrated its defenses, and stolen massive amounts of
national security I.P." A primary focus on these hacking campaigns has been to
penetrate the systems and networks on which the Department of Defense and the
defense industrial base rely to design, build, mobilize, deploy, and sustain
forces. Perhaps even more damaging has been the concerted effort by these
enemies to target the U.S. economy and, in particular, the industrial base. Not
only is the long-term health of the U.S. economy, on which a strong military
relies, at risk, but so too is the military-technical superiority which
provides the Navy with the basis for victory in conflict. The report warns that
if the ongoing deluge of cyber assaults is not successfully countered, U.S.
national security and the ability of the United States to prevail in a future
great power confrontation will be at risk:
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
