2019 Navy Contractor Hack and Beyond: Importance of DOD Cyber Security
The Navy, like all parts of the U.S. government, has been under constant siege by cyber attackers. In 2018, it was reported that hackers from the Chinese government were able to compromise a Navy contractor. By 2019, this had led to a new cyber security maturation model to bolster government contractor cyber security. Let’s take a deeper look into the navy contractor hack and the importance of DoD cyber security.
Navy Contractor Hacked: What Happened?
Reportedly, 614 GB of data regarding the project “Sea Dragon” was stolen, in addition to an extraordinary amount of data from sensors. This sensitive data compromised a missile project that the DoD was working on. It was an interesting attack because it was completed by Chinese hackers. China was attempting to find out more about the United States’ defenses.
But it wasn’t just that. There were multiple incidents. The hackers targeted other contractors and even universities as well. While the Navy didn’t say how many attacks had occurred over the last year and a half, it appeared to be a worrisome amount.
Organizations within the Department of Defense are uniquely well-targeted. They are targeted not only by lone attackers, but also by entire governments. It isn’t just internal DoD servers that are targets, but also private defense contractors.
The Aerospace Industry Data Breach
In addition to the previously mentioned Chinese hack of Department of Defense contractors in the Navy, there was also an aerospace industry data breach. In 2019, it was revealed that not only was the Navy contractor hacked, but it was theorized that Chinese hackers had attempted to steal Airbus information via contractors. (China has denied that it was responsible for the attack.)
This highlights how frequently contractors are the major vulnerability. Contractors may not have as high levels of security as government employees — sometimes, they may not even have the ability to secure their systems to that level, because they don’t have the available technology. It’s important for contractors not to be the weakest link, because it’s very easy to identify contractors as a given target.
Attackers will always be going after secrets, confidential information and intellectual property. And because of that, companies need to be able to secure themselves against even the most aggressive of attacks.
The New Cybersecurity Certification Model
In 2019, the DoD released a new Cybersecurity Maturity Model Certification (CMMC). This tiered certification model described the maturity of an organization’s cybersecurity solutions. To be able to handle even unclassified information from the DoD, companies need to be on the CMMC model. Tiers became more advanced as information became more confidential.
Any government contractor will need to follow the CMMC model. However, the CMMC isn’t just for government contractors. The CMMC model is good for virtually any company — because it ensures that the company is properly secured against a cybersecurity breach, and that the company is prepared to react if a cybersecurity breach does occur.
What Can We Learn from the Attacks?
The CMMC model is now important for anyone who hopes to work with the Department of Defense. And that includes those who aren’t working with sensitive or confidential information. Anyone wanting to be a contractor working with the DoD will need to at least meet some tier of Cybersecurity Maturity Model Certification.
And that’s a good thing. Contractors for larger companies need to be aware that they may be targeted so that the larger companies can be breached. And even though ultimately the larger company may be the target, that doesn’t mean that damage won’t be done to the contractor. Most directly, it may mean that the organization no longer wants to work with the contractor. Indirectly, the contractor will need to shore up its own security and improve its operations.
Even organizations as large as the Department of Defense can fall prey to hackers, and there are aggressive hackers surfacing all over the world, many of whom are state-sponsored. No company should assume that it is immune or that its security is bolstered enough to protect it. Companies today need to be constantly improving their cybersecurity and streamlining their cybersecurity initiatives. Otherwise, they can easily fall behind and become compromised.
Many companies may need help achieving better cybersecurity. Most companies can’t dedicate all their time to their cybersecurity initiatives. And it can be very difficult to explore new security models or achieve greater levels of security preparedness.
But an MSP can help. An MSP can help a company improve its cybersecurity initiatives — and help it achieve Cybersecurity Maturity. For more information about the cybersecurity needs of the modern era, contact us today.