The Wall Street Journal recently reported on an internal review of the U.S. Navy’s cybersecurity. The review began in October 2018 in response to several high-profile hacking incidents, such as a breach reported during June 2018 in which plans for a supersonic anti-ship missile were stolen from a company under contract with the Navy’s Naval Undersea Warfare Center.
Here are some troubling key takeaways from the 57-page report:
- Years of relentless cyber attacks - The report says: “For years, global competitors, and adversaries, have targeted and breached these critical contractor systems with impunity.”
- Critical secrets have been stolen - The report maintains that the IP and classified data stolen could “threaten the U.S.’s standing as the world’s top military power.”
- The extent of the damage is unknown - There is no clear assessment of the scope of the data losses to both the Navy and its partners, according to the report.
The Scope Of The Threat
Unfortunately, the issues brought to light by the Naval report are not new. At Attila Security, we learn of supply chain breaches and attacks on a daily basis. Any contractor or supplier that has access to your organization’s network poses an inherent security risk. Contractors may not have the financial resources, bandwidth or knowledge to simply keep hardware and software up to date or to establish and enforce strict IT security protocols company-wide. Any of these could open the door to a potential cyber attack.
Even those contractors that deploy robust security solutions run the risk of a breach if there is even just one unprotected endpoint (laptop, printer, VoIP system, IoT device, mobile phone or any other IP-enabled device) with access to their system. Hackers will exploit any unsecured entryway to breach the contractor’s defenses, gain access to the government agency’s network and steal or modify schematics, test data or other intellectual property.
Defending Against Cyber Threats
In the Wall Street Journal article, a Navy official is quoted as likening the unrelenting barrage of cyber attacks to a deadly virus. Using this analogy, how do we inoculate our government agencies and their suppliers?
U.S. based Attila Security’s GoSilent Client and SilentEdge Enterprise Server is eligible to be used as an IPSec Virtual Private Network Gateway component in a CSfC solution (more information can be found at www.nsa.gov). GoSilent provides CNSA Top Secret (TS) level security for protecting data. It has plug-and-play functionality for easy set-up and is flexible enough to work with any type of IP-enabled device. GoSilent’s affordable price-point and availability make it an easily scalable solution and a welcome option for organizations previously hampered with expensive encryptor devices. Using GoSilent, government agencies, their Defense Industrial Base partners and suppliers can securely send and receive classified communications, including data, text, voice, images and video.
At Attila Security, our people, products and partners are committed to protecting the nation state. Our technology is installed at governments and enterprises across the globe, protecting mission critical intellectual property and data. Learn more about Attila’s GoSilent products and next-generation edge security.