Over the weekend, revelations arose that earlier this year, in January and February of 2018, hackers purportedly employed by the Chinese government allegedly stole 614 gigabytes of sensitive military information from a U.S. Navy contractor. The contractor has not been officially identified. The exact nature of the breach hasn’t been publicly stated either, although The Washington Post, which broke the story, noted the information was stored on an unsecured network.
The stolen data may have included design plans for a supersonic anti-ship missile among other naval warfare information. The stolen information was technically not classified individually but as a whole could be considered “classified.” Some of the information may have been connected to the Sea Dragon project, about which little is publicly known except it will introduce “disruptive offensive capabilities” to existing naval technologies.
The Naval Undersea Warfare Center, a Rhode Island-based submarine and underwater weapons research and development firm, hired the hacked contractor. Little information about the investigation into the hack is publicly available, although the U.S. Navy is investigating with the assistance of the FBI.
According to U.S. Navy spokesman Cmdr. Bill Speaks: “There are measures in place that require companies to notify the government when a ‘cyber incident’ has occurred that has actual or potential adverse effects on their networks that contain controlled unclassified information.”
What The U.S. Navy Hack Means for Enterprises
We’ve written time and time again about the increasing threats from nation-state actors: hackers either under the direct employ of or allegedly connected to national governments to achieve covert objectives. These objectives can be as diverse as siphoning illicit funds for sanctioned administrations, stealing intellectual property from academic institutions, or causing general disruption. The U.S. Navy contractor hack illustrates how cybersecurity is now a matter of national security and how devastating a nation-state attack can be.
However, this attack may convince enterprises that they can’t be the victims of a nation-state hack. They may fool themselves into thinking that they aren’t targets since, logically, governments will attack other governments. They are sorely mistaken.
From the evidence we’ve seen in our research, nation-state hackers still follow the basic behavioral principles of more garden-variety digital threat actors: unless they’re looking to steal specific information, they’ll target whatever enterprise or institution is easiest to compromise. Remember, the Chinese government didn’t hack the U.S. Navy directly; they instead infiltrated the unsecured network of a third party that contained the information they wanted. If your enterprise has data that a government might want, or even if you have funds in a digital format, you could easily become a target of a nation-state.
Your enterprise, therefore, needs to treat cybersecurity as one of its highest priorities. You need to evaluate whether you have unsecured networks and close those security holes. You need to fortify your threat detection capabilities so that threats are stopped as soon as they infiltrate your IT environment. You need to be aware of security event data no matter where in your network it occurs, and have the capabilities to analyze that data.
One of the most important aspects of a nation-state hack is that your enterprise is going up against resources and funds that may not typically be available to your own IT security team. Having a SIEM solution deployed in your IT environment can dissuade hackers with even the most advanced systems from targeting you.
That seems like a worthy investment to us.