As modern warfare expands into the cyber domain, the Navy faces enormous and mounting challenges. Foreign governments and non-state actors employ cyberspace operations on behalf of broader strategic political and military objectives. Adversaries leverage publicly available online tools in order to quickly identify vulnerabilities that allow them to exploit high priority targets.
According to the 2018 Department of Defense (DoD) Cyber Security Strategy, China and Russia possess significant advanced cyber capabilities that they actively use against the United States. Iran and North Korea possess less sophisticated cyber capabilities, but have nevertheless increasingly demonstrated a willingness to conduct destructive cyberattacks that are well beyond the norms of state behavior in peace time.
While the Navy has robust cybersecurity protections in place, such as firewalls, intrusion protection systems and antivirus software, risks remain, and human error, in particular, continues to enable intrusions and breaches that imperil mission-critical data.
Non-compliance with security policies, network directives and requirements, including social networking guidance, allows malicious cyber actors to target vulnerabilities that can put information and information systems at risk. Practicing good cyber hygiene is essential to protecting our networks, and knowing the enemy enables Sailors, civilians and contractors to better defend against attacks. Below are the steps that many cyber adversaries use to compromise computer systems:
Reconnaissance: “Finding an unlocked door”
Cyber adversaries learn about their target’s weaknesses by gathering information about the target’s networks, systems and defensive measures. Interacting with potential victims online is the easiest method to gather this information because of the sheer volume of information posted on social networking sites and elsewhere online. Highly successful techniques to gain network or system access include social engineering, phishing or watering hole attacks. In each of these cases, the victim is manipulated into downloading infected material from an outside source or revealing personal information that makes the victim vulnerable to security breaches.
Intrusion: “We’re in”
Once the system or network is compromised, the adversary blends in with normal traffic, making their detection difficult. At this stage, bad actors begin identifying existing security flaws within the network and then secretly deploy cyber tools to identify additional vulnerabilities.
Malware Insertion and Lateral Movement: “The waiting game”
Adversaries may attempt to penetrate the network based on the vulnerabilities identified, or may decide to wait until a new vulnerability materializes. Adversaries are patient and persistent, and sometimes “hide out” for a period of time until the right opportunity presents itself. At this stage, they may also implant software to capture passwords to access privileged accounts, critical information, sensitive data, state secrets, intellectual property, or command and control systems, all of which may contribute to degraded or disrupted network activity.
Transfer of Data: “Getting what they came for”
Once an adversary establishes reliable network access, they can move sensitive information to an outside location where encryption can be cracked. Then, they may target the victim again or use the information obtained to identify another victim.
Clean Up: “Leaving without a trace”
Cyber adversaries are skilled at making an intrusion appear like a computer glitch. Most will attempt to get rid of any evidence by over-writing data or cleaning up event logs, to make sure they are undetected. Some adversaries plan only one cyberattack and will then disconnect from the system, while others may work to establish a backdoor entry so that they can revisit at any time.
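The log-clearing behavior described above is itself something a defender can watch for: the act of wiping a Windows event log generates a record of its own, which is why forwarding logs to a central collector before they can be erased matters. The following Python script is an added example, not code from the article or from the Navy; it scans a constructed set of event records for the real Windows indicators of a cleared log (Security event ID 1102 and System event ID 104) and also reports hosts that have gone silent, since a host that stops reporting is a signal in its own right. The host names, user names and event list are constructed for the example.

```python
"""Added example (not from the original article): flag log-clearing events.

In the "Clean Up" stage an adversary may wipe event logs to remove evidence.
Clearing the Windows Security log writes Security event ID 1102 ("The audit
log was cleared"); clearing another channel writes System event ID 104.
Those IDs are real; the sample records below are constructed for this example.
"""
from dataclasses import dataclass

# Constructed sample events as they might arrive at a central log collector.
SAMPLE_EVENTS = [
    {"host": "ws-01", "channel": "Security", "event_id": 4624, "user": "jdoe"},
    {"host": "ws-01", "channel": "Security", "event_id": 1102, "user": "jdoe"},
    {"host": "srv-02", "channel": "System", "event_id": 104, "user": "SYSTEM"},
    {"host": "srv-02", "channel": "Application", "event_id": 1000, "user": "svc"},
    {"host": "ws-03", "channel": "Security", "event_id": 4672, "user": "admin"},
]

# (channel, event_id) pairs that record a log being cleared.
LOG_CLEARED = {("Security", 1102), ("System", 104)}


@dataclass(frozen=True)
class Alert:
    host: str
    channel: str
    event_id: int
    user: str


def find_log_clears(events):
    """Return an Alert for every event that records a log being cleared."""
    alerts = []
    for ev in events:
        if (ev["channel"], ev["event_id"]) in LOG_CLEARED:
            alerts.append(Alert(ev["host"], ev["channel"], ev["event_id"], ev["user"]))
    return alerts


def hosts_with_gaps(events, expected_hosts):
    """Hosts that should be reporting but sent nothing.

    A silent host may simply be offline, but it is also what a wiped or
    disabled log looks like from the collector's side, so it deserves review.
    """
    seen = {ev["host"] for ev in events}
    return sorted(set(expected_hosts) - seen)


if __name__ == "__main__":
    for a in find_log_clears(SAMPLE_EVENTS):
        print(f"ALERT: log cleared on {a.host} ({a.channel}/{a.event_id}) by {a.user}")
    expected = ["ws-01", "ws-03", "srv-02", "dc-01"]  # constructed inventory
    print("silent hosts:", hosts_with_gaps(SAMPLE_EVENTS, expected))
```

Run against the constructed sample, the script raises two alerts (the cleared Security log on ws-01 and the cleared channel on srv-02) and lists dc-01 as a host that reported nothing. The point of the design is that detection does not depend on the cleared host's own log surviving: the alert fires on the copy already forwarded to the collector, and the absence of a host's records is treated as evidence rather than as silence.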
Knowing our enemy and the ways they are attempting to compromise our networks are among the first steps to being able to defend against and defeat these attacks. Next week, we’ll describe what the Navy is doing to keep adversaries from using these steps to compromise our networks, systems and data. In the final two weeks of October, we’ll discuss how you can help thwart cyber adversaries at work and at home.
Learn more about Cybersecurity Awareness Month.
Editor’s note: Since its establishment in 2010, U.S. Fleet Cyber Command/U.S. Tenth Fleet has grown into an operational force composed of more than 16,000 active and Reserve Sailors and civilians organized into 26 active commands, 40 Cyber Mission Force units, and 26 Reserve commands around the globe. FCC serves as the Navy component command to U.S. Strategic Command and U.S. Cyber Command, and the Navy’s Service Cryptologic Component commander under the National Security Agency/Central Security Service. C10F, the operational arm of FCC, executes its mission through a task force structure similar to other warfare commanders. In this role, C10F provides support of Navy and joint missions in cyber/networks, cryptologic/signals intelligence and space.