OCTOBER 1, 2019 – The cyber threat to the Navy is real, and the stakes are high.
“If you’re asking me if I think we’re at war, I think I’d say yes…We’re at war right now in cyberspace. We’ve been at war for maybe a decade. They’re pouring oil over the castle walls every day.”
-Commandant of the Marine Corps
“We find the DON preparing to win some future kinetic battle, while it is losing the current global, counter-force, counter-value, cyber war. Knowing and acting on that new reality is essential for the DON.”
– Secretary of the Navy Cybersecurity Readiness Review
While much of this war in the cyber realm is being waged by cyber professionals, anyone (military/civilian/contractor) who logs onto a Navy system or network – from any device – is entering that cyber battlespace. Their actions impact our cybersecurity.
Other combatants in the cyber war are acquisition professionals and our industry partners: acquisition professionals because they decide how survivable future systems will be in a cyber-contested environment, and industry partners because they prevent Navy data from being stolen through cyber-attacks.
Anyone with a personal computer, smart phone or smart device is also engaged in the cyber battle being waged on the home front.
Cybersecurity matters because it helps thwart cyber adversaries from disrupting normal operations, stealing data, or making us doubt the validity of the data we use. The consequences of a compromise could be as harmless as unwanted ads on your smartphone or as serious as the failure of weapons systems during a conflict.
Each October is designated as National Cybersecurity Awareness Month, and the Departments of the Navy are using the month to remind all hands of cyber dangers and their responsibilities in cyberspace.
Understanding the consequences of our actions in cyberspace is essential to combating cyber threats, and Cybersecurity Awareness Month is an important time to be reminded of the ways we can contribute to the strength or weakness of the enterprise through our day-to-day actions – at work, at home and at sea.
The elaborate defenses built and maintained by cybersecurity professionals can accidentally be undone by network and systems users, which is why we will provide resources during October at https://www.navy.mil/local/cyberawareness/ that explain user cybersecurity best practices.
The catastrophic loss of national security data from Boeing shows how users can be exploited to breach otherwise strong cyber defenses. Using a phishing attack, Chinese hackers penetrated Boeing’s network by tricking users into clicking links that downloaded malicious software. Over the next year, at a cost of only $400K, the Chinese stole many of the plans for the C-17 strategic transport aircraft, which cost the US $40B to develop over a decade, resulting in the “…most massive transfer of wealth through cyberattacks in US history.”
Connecting an unauthorized thumb drive that contains malicious software to the network is an innocent mistake with potentially damaging consequences. Thumb drives loaded with malicious software were connected to the network by unsuspecting Iranian technicians and used to spread the Stuxnet virus that destroyed centrifuges in one of their nuclear research facilities.
A weak password could also allow adversaries to gain a foothold in our networks for exploiting Navy systems and data.
The cyber war is largely unseen but the consequences of this on-going conflict in cyberspace are serious for the Navy. Even if you are not a cyber professional, you play an important part in keeping the Navy cyber secure.
The Navy is counting on you to help protect it from cyber threats. Be on the lookout for updates during October that explain ways to reduce your personal cyber risk and reduce cyber risk to the Navy. We will also provide information about and for those in the cybersecurity workforce.
From Office of the Deputy Chief of Naval Operations for Information Warfare Public Affairs