28/03/2019

The US Navy Is Leaking Secrets - NASA’s Poor Cybersecurity Is An Operational Threat

A US Navy review provided to the Wall Street Journal paints a dire picture regarding an ongoing cyber war pitting hackers against the sea service. The 57-page review, which was brought to Navy Secretary Richard Spencer recently, depicts the Navy and its contractors “under cyber siege” by a host of nefarious actors, including Chinese government hackers, who have exploited critical flaws in US cyber security to steal troves of national security secrets from the defense industry. “For years, global competitors, and adversaries, have targeted and breached these critical contractor systems with impunity,” the review reads, according to the Journal. “These enterprises, regardless of their relationship with the department, are under cyber siege.” The review is sourced from research and interviews with senior officials in President Donald J. Trump’s administration, according to the Journal. The threat is posed not only to the naval service, but to its contractors and subcontractors as well. Focusing on a series of data breaches over the previous 18 months, the review was launched in October, according to a memo authored by the SECNAV’s office. The final report claims that although the US is aware of cyber-attacks by foreign hackers, the government has struggled to respond to the large number of breaches and has failed to effectively warn its defense contractors.

In one incident during January and February of 2018, Chinese government hackers compromised the computers of a Navy contractor and harvested sensitive data dealing with undersea warfare, including plans for a supersonic anti-ship missile, the Washington Post reported in June. The Journal said the audit also faults Navy leaders for failing to anticipate that adversaries would attack the defense industry. “We are under siege,” a senior Navy official said in the report. “People think it’s much like a deathly virus, if we don’t do anything, we could die.” The document reports that China’s involvement in hacking has boosted its military prowess, “thereby altering the calculus of global power,” the Journal added.

https://www.cybersecurityintelligence.com/blog/the-us-navy-is-leaking-secrets-4183.html

Government inspectors have uncovered serious deficiencies in NASA’s information security program which they claim could threaten operations. The findings come from the latest Office of the Inspector General (OIG) review of the space agency for fiscal year 2018, under the Federal Information Security Modernization Act of 2014 (FISMA). The OIG tested the maturity of NASA’s infosec program via 61 metrics in five security function areas plus a subset of IT systems. This involved testing systems against corresponding security documentation, and interviewing information system owners and security personnel. Unfortunately, the report assessed NASA’s cybersecurity program as at Level 2 (Defined) for the second year in a row, well short of the Level 4 (Managed and Measurable) required by the Office of Management and Budget in order to be judged effective. The inspectors also flagged two serious issues: missing, incomplete and inaccurate data in system security plans, and control assessments not conducted in a timely manner.

“We consider the issue of missing, incomplete, and inaccurate information security plan data to be an indicator of a continuing control deficiency that we have identified in recent NASA OIG reviews,” explained assistant inspector general for audits, Jim Morrison, in a letter to NASA’s CIO, Renee Wynn. “Likewise, the untimely performance of information security control assessments could indicate control deficiencies and possibly significant threats to NASA operations, which could impair the agency’s ability to protect the confidentiality, integrity, and availability of its data, systems, and networks.” The news is concerning given the willingness of nation state hackers to go after sensitive government IP, which could impact national security. Yet it’s not the first time NASA has been called out for less than optimal cybersecurity: the agency received an even worse report card back in 2010 when the OIG inspected it. Last year, NASA also revealed that a server containing Social Security numbers and other identity data from current and former employees may have been compromised.
