The Office of the Deputy
Chief of Naval Operations for Information Warfare released the below
information:
WASHINGTON (NNS) --
Throughout National Cybersecurity Awareness Month this October, and in
subsequent articles, the Office of the Deputy Chief of Naval Operations for
Information Warfare (N2N6) will describe the things you can do, at home and at
work, to protect yourself and the Navy from cyber threats.
Few people today need to be
convinced that our networks, computers and smart phones are at risk of
compromise. We've grown accustomed to the news of computer hacks.
The confidential information
of 143 million Americans was potentially compromised in the recent Equifax
breech. In May 2017, the WannaCry ransomware attack infected 150,000-plus
computers in over 150 countries within the first 24 hours.
If you keep up with the news,
you know of Russia's election-focused data thefts and disclosures. More distant
high profile attacks, such as the 2015 Office of Personnel Management hack that
resulted in the theft of 21.5 million personnel records, are memorable because
they affected many of us in the Navy.
From these example hacks, you
can safely assume anything connected to the internet is at risk.
In fact, any electronic
device for storing and processing data - a computer - is at risk, regardless of
whether it's connected to the internet or whether it looks like the desktop or
laptop computers we use at home and at work.
Disconnected systems are also
vulnerable as attackers have employed innovative tactics to reach systems not
connected to the internet. For example, thumb drives loaded with damaging
software were picked up by unsuspecting technicians and used to spread the
Stuxnet virus to centrifuges in an underground Iranian nuclear research
facility.
Although the compromise of
Iran's nuclear facility was well publicized, less well known are other news reports
that also demonstrate physical systems controlled by computers (control
systems) are at risk.
In 2016, hackers who were
thought to be from Russia compromised a Ukrainian power company, knocking out
power to part of Kiev for over an hour. A 2015 breech of a Ukrainian energy
company, which resulted in a power outage to 80,000 customers, may have been
related to the 2016 attack. Closer to home, in 2016 "...the Justice
Department claimed Iran had attacked U.S. infrastructure online, by infiltrating
the computerized controls of a small dam 25 miles north of New York City."
The control systems that
manage the Navy's critical infrastructure and other services at Navy bases and
facilities are commercial products that have known weaknesses. Like the Ukrainian
control systems and the systems controlling the New York dam, Navy control
systems and networks used by operational forces could also be at risk of
compromise.
During June 2017, a
commercial ship off the Russian coast discovered its GPS navigation system
erroneously located the ship at an airport 32 kilometers inland. At least 20
other ships in the area had similar problems with their Automatic
Identification System, which U.S. Navy ships also use. "Experts think this
is the first documented use of GPS misdirection - a spoofing attack that has
long been warned of but never seen in the wild."
Chief of Naval Operations
(CNO) Admiral John Richardson sums up the current cyber threat environment,
"The threats reach well beyond what you would consider a traditional
computer or information technology network into the control systems and indeed
almost every aspect of our lives and of our Navy mission."
These cyber threats can come
from nations with highly sophisticated cyber programs, countries with lesser
technical capabilities but possibly more disruptive intent, ideologically
motivated hackers or extremists and/or insiders within our organizations, with
a variety of motivations. Even cyber criminals threaten the Navy because they
sell malicious software to state and non-state actors, thereby increasing the
number of potential threat actors.
Vigilance and ensuring a
robust defense-in-depth framework that incorporates people, processes and
technology to assure our networks are safe is key.
The threat will continue to
increase as adversaries look for potential vulnerabilities and increase their
level of sophistication for cyber-attacks. In Congressional testimony, former
Director of National Intelligence James Clapper described the threat saying,
"Cyber threats to US national and economic security are increasing in
frequency, scale, sophistication and severity of impact. The ranges of cyber
threat actors, methods of attack, targeted systems and victims are also
expanding."
But you can make a
difference.
By adhering to cybersecurity
policies, directives and best practices you can help keep the Navy secure and
also protect yourself and your families while online, outside of work. It's an
all hands effort, like damage control on a ship.
Knowing adversaries are
actively seeking to penetrate our systems, steal our data and disrupt
operations should help you understand the CNO's perspective: "Wherever you
are, whatever system you're operating, every time you log in, you are in the
cyber battlespace."
Note: You can click on the above illustration to enlarge.
No comments:
Post a Comment