We are fortunate to live in a modern society with its many conveniences and technological advances. Gone though, are the days of leaving our cars, businesses, and homes unlocked. We can do things in our personal lives that were previously unimaginable because of computers, smartphones, smart devices, the Internet, and “the Internet of Things.”
The situation is much the same in cyberspace. As a Navy, we are much more effective and lethal because of technology, in particular because computers have helped us design better and innovate at a much faster pace than our adversaries. But, as in the physical world, there are bad actors in cyberspace, and we need to protect the Navy and ourselves from their persistent attacks.
These cyber threats are unseen but just as real as physical ones, and cyber systems must be protected from them, whether they are connected to other systems or not.
Every day, bad actors – from nuisance hackers to capable cyber adversaries or nation states – probe the Department of Defense’s information systems and connected devices millions of times, looking for openings in our cyber defenses. They seek any opportunity to remove sensitive information, compromise our systems, or disrupt operations.
According to a 2019 report, almost 50% of industrial control system networks showed evidence of malicious activity. These types of networks host systems similar to those that control our ships and infrastructure. Although the main attack vector was through the Internet, the second most common attack method was through removable media, such as thumb drives, which even affected disconnected systems.
More unsettling than attempted compromises of our networks and control systems are potential attacks against our increasingly computerized and connected weapons systems. In 2018, the Government Accountability Office found that “…testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected.”
Most attacks targeting individuals and businesses are motivated by financial gain. Ransomware threatens to publish the victim's data or block access to it unless a ransom is paid. Other attacks are designed to steal financial or confidential information but some, like the Shamoon computer virus that erased files and made infected computers unusable, are meant to destroy our information systems at great price to businesses and the nation. The monetary impacts of some attacks, such as the MyDoom virus, which caused $38.5 billion in damages worldwide, are difficult to comprehend.
Highly skilled cyber professionals defend the Navy’s networks, systems, and data but you play a critical role in keeping the Navy safe at work, and protecting yourself at home.
The 2020 Verizon Breach Report identified the most common threat actions that led to organizational breaches as phishing and the use of stolen credentials, which includes passwords that are often saved to files on the computers they are meant to protect. Hackers cracked passwords or used stolen credentials in 80% of their successful hacks.
Phishing relies on deceiving someone like you to click on a malicious link or download an infected attachment. If you don’t know the sender or notice spelling and format errors in an e-mail you receive, contact the sender to verify its authenticity. By creating strong passwords, you can keep adversaries from gaining a foothold in our networks or preventing hackers from compromising your personal data.
Over the next few weeks, we will explain how to recognize phishing attacks, and how to create strong passwords. We will also describe other steps you can take to protect the Navy and yourself from cyberspace bad actors who are ready to exploit any weaknesses they find.
Whenever you use a device with a computer chip, you are in the cyber battlespace. Understanding your role in the cyber fight is critical for the Navy because our adversaries are becoming more capable every day. A recent Harvard University study that measured countries’ cyber capabilities (including their offensive capabilities) and their intentions to use their cyber powers concluded that "China’s cyber power is only second to the U.S.”
The CNO has repeatedly emphasized the importance of cybersecurity and the role Navy personnel play in worldwide Naval operations: “For the Navy to compete, fight and win across the spectrum of our operations – I need you to understand the gravity of the cyber threats we face. Be vigilant, and know our ability to prevail depends on what you do in cyberspace.”
Republished from Navy Live Blog, the Official Blog of the U.S. Navy: http://navylive.dodlive.mil/.