Navy Cybersecurity: Anatomy of a Cyber Intrusion
By CTNC (IDW/SW/AW) Jason E. Lois, Navy Cyber Defense Operations Command - October 24, 2017
The security of the Navy networks is a continuous, all-hands effort. Every day, Sailors and civilians must stand guard on our Navy’s digital quarterdeck to prevent cyber intrusions.

Cyber threats are real, and cyber adversaries are determined, intelligent and persistent. Cybersecurity protections such as firewalls and antivirus software are valuable defensive measures, but they cannot protect against bad judgment.

Human error has been responsible for many intrusions of the .mil network in the last several years. Violating security best practices, circumventing security policies, complacency and falling victim to social engineering give cyber adversaries the opening they need to exploit vulnerabilities in Navy networks and systems. Here is how cyber adversaries compromise computer systems:

Reconnaissance: Finding an unlocked door
Cyber adversaries first learn about their target's weaknesses. They gather information about the target's networks, systems and defensive measures. Social networking sites make this easy: the volume of information people post about their jobs, colleagues, travel and daily routines gives an adversary much of what they need without ever touching the target's network. Highly successful techniques for turning that information into network or system access include:

  • Social Engineering: Adversaries count on you not following good security policies and procedures. Their goal is to make you comfortable giving out personal or critical information, which they then use to reach sensitive data without your knowledge. Cyber adversaries are very good at tricking you into visiting a webpage, downloading an app or connecting an unauthorized device that carries malicious code.
  • Phishing: Adversaries send what appears to be a trustworthy e-mail containing a website link or an attachment. Clicking the link or opening the attachment may take you to a website that prompts you for financial or personal information, or to a website that silently downloads malware onto your computer. The visible link text often does not match where the link actually goes.
  • Watering Hole: Adversaries go after websites frequented by specific interest groups or organizations. They profile victims and observe online behavior such as their most visited websites or social media circles. Then they find a vulnerability in one of those sites, compromise it and wait for a target. Users who visit the watering hole site are stealthily redirected to another site and exploited through implanted malware.
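The phishing indicators described above can be checked mechanically before a user ever sees the message. The following is an added example, not code from the original article or from NCDOC; the e-mail body, the `navy.mil.account-verify.example` and `203.0.113.10` destinations and the `TRUSTED_DOMAINS` list are all constructed for illustration. It parses the links in an HTML message and flags the classic signs: link text that shows one site while the href goes to another, a trusted brand buried inside an untrusted domain, a raw IP address, and a login page served over plain HTTP.

```python
"""Flag common phishing indicators in the links of an HTML e-mail body."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical: domains the recipient's organization legitimately uses.
TRUSTED_DOMAINS = {"navy.mil"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude last-two-labels approximation: 'www.navy.mil' -> 'navy.mil'."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def phishing_indicators(html_body):
    """Return a list of human-readable findings for suspicious links."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        target = urlparse(href)
        host = target.hostname or ""
        # 1. Visible text looks like a URL but the href points somewhere else.
        if text.startswith(("http://", "https://", "www.")):
            shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
            if registrable_domain(shown) != registrable_domain(host):
                findings.append(f"link text shows '{text}' but href goes to {host}")
        # 2. Raw IP address instead of a hostname.
        if host.replace(".", "").isdigit():
            findings.append(f"link to raw IP address {host}")
        # 3. Trusted brand used as a subdomain of an untrusted domain.
        for trusted in TRUSTED_DOMAINS:
            if trusted in host and registrable_domain(host) != trusted:
                findings.append(f"'{trusted}' appears inside untrusted domain {host}")
        # 4. A login page served over plain HTTP.
        if target.scheme == "http" and "login" in target.path.lower():
            findings.append(f"login page over plain HTTP: {href}")
    return findings


# Constructed sample message (not a real phishing e-mail).
SAMPLE_EMAIL = """
<p>Your account will be locked in 24 hours. Verify it at
<a href="http://navy.mil.account-verify.example/login">https://www.navy.mil/login</a>
or <a href="http://203.0.113.10/update.exe">download the security update</a>.</p>
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL):
        print("SUSPICIOUS:", finding)
```

Run against the constructed message, the first link trips three checks (text/href mismatch, brand inside an untrusted domain, login over HTTP) and the second trips one (raw IP). The registrable-domain helper is deliberately simple; a production filter would use the public suffix list rather than the last two labels.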

Intrusion: We’re In
Once a system or network is compromised, the adversary blends in with normal traffic, making detection difficult. In this stage they begin identifying existing security flaws in the network's core services and quietly deploy their tools to probe deeper and find additional vulnerabilities.

Malware Insertion and Lateral Movement: The Waiting Game
Adversaries are persistent. They spread across the network, establish footholds on multiple systems and wait until those footholds are needed. They may also implant software that captures passwords, giving them access to privileged accounts, critical information, sensitive data, state secrets, intellectual property, or command and control (C2) systems. At this point the adversary is in a position to degrade or disrupt network activity.

Transfer of Data: Getting What They Came For
Once an adversary has reliable network access, they move sensitive information to a location they control, where any encryption on it can be attacked at leisure, away from the victim's monitoring. The adversary can then target the victim again or use the stolen information to identify the next victim.
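Data leaving the network is usually the most visible moment of an intrusion, because the volume and the destination both change. The following is an added example, not code from the original article or from NCDOC; the flow records and the internal address ranges are constructed for illustration, and `198.51.100.0/24` is documentation address space. It builds a per-host baseline of daily outbound bytes to external destinations from the earlier days in the data and flags a day whose outbound total is several times that baseline, noting whether the destination was ever seen before.

```python
"""Flag unusually large outbound transfers in constructed flow records."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean

# Hypothetical: the organization's internal address space.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]


def is_internal(ip):
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


# Constructed flow records: (day, src, dst, dst_port, bytes_out).
SAMPLE_FLOWS = [
    ("2017-10-20", "10.1.2.30", "198.51.100.5", 443, 4_000_000),
    ("2017-10-21", "10.1.2.30", "198.51.100.5", 443, 3_500_000),
    ("2017-10-22", "10.1.2.30", "198.51.100.5", 443, 4_200_000),
    ("2017-10-23", "10.1.2.30", "198.51.100.77", 443, 60_000_000),  # new host, ~15x normal
    ("2017-10-23", "10.1.2.30", "10.1.2.31", 445, 90_000_000),      # internal, not counted
    ("2017-10-23", "10.1.2.45", "198.51.100.5", 443, 2_000_000),    # no history yet
]


def daily_outbound(flows):
    """Outbound bytes per (src, day) and per (src, day, dst), external destinations only."""
    per_day = defaultdict(int)
    per_dst = defaultdict(int)
    for day, src, dst, _port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            per_day[(src, day)] += nbytes
            per_dst[(src, day, dst)] += nbytes
    return per_day, per_dst


def exfil_candidates(flows, ratio=5.0, min_history_days=2):
    """Alert when a host's daily outbound volume exceeds ratio x its prior-day mean."""
    per_day, per_dst = daily_outbound(flows)
    seen_dst = defaultdict(set)   # src -> external destinations seen on earlier days
    alerts = []
    for src, day in sorted(per_day):          # chronological within each source
        total = per_day[(src, day)]
        history = [v for (s, d), v in per_day.items() if s == src and d < day]
        if len(history) >= min_history_days:
            baseline = mean(history)
            if total > ratio * baseline:
                for (s, d, dst), nbytes in per_dst.items():
                    if (s, d) == (src, day):
                        alerts.append({
                            "src": src, "day": day, "dst": dst, "bytes": nbytes,
                            "baseline": baseline,
                            "new_destination": dst not in seen_dst[src],
                        })
        seen_dst[src].update(dst for (s, d, dst) in per_dst if (s, d) == (src, day))
    return alerts


if __name__ == "__main__":
    for a in exfil_candidates(SAMPLE_FLOWS):
        print(f"{a['day']} {a['src']} -> {a['dst']}: {a['bytes']} bytes "
              f"(baseline {a['baseline']:.0f}), new destination: {a['new_destination']}")
```

On the constructed data only the 60 MB transfer from 10.1.2.30 to the never-before-seen host 198.51.100.77 is flagged; the large internal copy to 10.1.2.31 is ignored because it never leaves the network (staging like that is worth watching too, but it is a different detection). Real deployments compare against a longer history and account for weekly cycles and hosts that legitimately push backups offsite.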

Clean Up: Leaving Without a Trace
Cyber adversaries are skilled at making an intrusion look like a computer glitch. Most will try to remove evidence, for example by overwriting data or clearing event logs, to stay undetected. Some plan only one attack and disconnect from the system afterward; others establish a backdoor so they can return at any time.
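Clearing a log is itself evidence: on Windows, clearing the Security log writes event 1102 ("The audit log was cleared") as the first record of the fresh log, clearing the System log writes event 104, and if process-creation auditing (event 4688) is on, the wevtutil or Clear-EventLog command that did it is recorded as well. The following is an added example, not code from the original article or from NCDOC; the event IDs are the real Windows ones, but the records, host name and user names are constructed. It runs over a batch of event records and raises the severity when a clearing command and the clear event come from the same user within a short window.

```python
"""Detect anti-forensic log clearing in Windows event records (constructed sample)."""
from datetime import datetime

# Real Windows event IDs: Security 1102 = audit log cleared, System 104 = System log cleared.
LOG_CLEARED_EVENTS = {("Security", 1102), ("System", 104)}

# Built-in ways to wipe a log; matched case-insensitively against 4688 command lines.
CLEAR_COMMANDS = ("wevtutil cl", "wevtutil.exe cl", "clear-eventlog")

# Constructed sample records (not real Navy telemetry).
SAMPLE_EVENTS = [
    {"TimeCreated": "2017-10-24T02:13:05", "Channel": "Security", "EventID": 4624,
     "Computer": "WS-0142", "SubjectUserName": "jdoe"},
    {"TimeCreated": "2017-10-24T02:14:40", "Channel": "Security", "EventID": 4688,
     "Computer": "WS-0142", "SubjectUserName": "jdoe",
     "CommandLine": "C:\\Windows\\System32\\wevtutil.exe cl Security"},
    {"TimeCreated": "2017-10-24T02:14:41", "Channel": "Security", "EventID": 1102,
     "Computer": "WS-0142", "SubjectUserName": "jdoe"},
    {"TimeCreated": "2017-10-24T02:15:02", "Channel": "System", "EventID": 104,
     "Computer": "WS-0142", "SubjectUserName": "jdoe"},
    {"TimeCreated": "2017-10-24T08:00:00", "Channel": "Security", "EventID": 4688,
     "Computer": "WS-0142", "SubjectUserName": "svc_backup",
     "CommandLine": "C:\\Windows\\System32\\wevtutil.exe qe Security /c:5"},  # a query, benign
]


def detect_log_clearing(records, window_seconds=60):
    """Return alerts for clearing commands and log-cleared events, correlated by actor."""
    alerts = []
    clear_cmds = []   # (time, actor) of clearing commands seen so far
    for r in sorted(records, key=lambda rec: rec["TimeCreated"]):
        t = datetime.fromisoformat(r["TimeCreated"])
        actor = f"{r.get('SubjectUserName', '?')}@{r.get('Computer', '?')}"
        if r.get("EventID") == 4688:
            cmd = r.get("CommandLine", "").lower()
            if any(c in cmd for c in CLEAR_COMMANDS):
                clear_cmds.append((t, actor))
                alerts.append({"severity": "medium", "who": actor,
                               "reason": f"log-clearing command: {r['CommandLine']}"})
        if (r.get("Channel"), r.get("EventID")) in LOG_CLEARED_EVENTS:
            # A clear event shortly after a clearing command by the same actor is
            # near-certain anti-forensics; a clear event alone is still serious.
            recent_cmd = any(actor == a and 0 <= (t - ct).total_seconds() <= window_seconds
                             for ct, a in clear_cmds)
            alerts.append({"severity": "critical" if recent_cmd else "high", "who": actor,
                           "reason": f"{r['Channel']} log cleared (EventID {r['EventID']})"})
    return alerts


if __name__ == "__main__":
    for a in detect_log_clearing(SAMPLE_EVENTS):
        print(f"[{a['severity'].upper()}] {a['who']}: {a['reason']}")
```

The correlation only works if the records survive: the 1102 event sits in the log that was just wiped, so everything before it is gone. Forwarding events to a central collector as they are generated is what keeps the wiped history available to responders.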

Navy cybersecurity requires everyone to treat Navy networks like a weapons system. Cybersecurity is enhanced when you are vigilant, practice defensive measures, are aware of the types of cyber threats, and understand cyber intrusions to better defend the Navy’s systems and networks.

The mission of Navy Cyber Defense Operations Command (NCDOC) is to execute defensive cyberspace operations and enable global power projection through proactive network defense of Navy networks and systems. NCDOC reports operationally to U.S. Fleet Cyber Command/U.S. 10th Fleet.

U.S. 10th Fleet is the operational arm of Fleet Cyber Command and executes its mission through a task force structure similar to other warfare commanders. In this role, C10F provides operational direction through its Maritime Operations Center located at Fort George G. Meade, Maryland, executing command and control over assigned forces in support of Navy or joint missions in cyber/networks, information operations, electronic warfare, cryptologic/signals intelligence and space.

From Navy Live Blog, the official blog of the U.S. Navy:

The cyber threat is real. U.S. Navy infographic

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988