Cyber attacks are on the rise and the defense industrial base is a critical target. Fortunately, more companies today are refusing to look the other way or close their eyes and hope the risk goes away. They’re also complying with government requests to disclose incidents and provide information.
Earlier this month, Huntington Ingalls Industries, Inc. filed a notice of data breach with the Maine Attorney General after learning that an unauthorized party accessed confidential consumer information stored on the company’s computer network. It reportedly resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, phone numbers, credit card numbers, debit card numbers, dates of birth, driver’s license numbers, passport numbers, financial account information, routing numbers, health insurance information, and medical information.
HII currently employs more than 43,000 people and generates approximately $10.5 billion in annual revenue. The shipbuilding company, based in Newport News, VA, primarily builds ships for the United States military and also provides related support services. On April 18, it sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
HII confirmed that a “data breach by an unauthorized party in the Alion network was recognized by HII in early 2022 during the transition of Alion networks into the company. HII acquired Alion Science and Technology in August 2021 and quickly began the process of integrating the company’s personnel and other assets into HII.”
HII took remediation efforts and made security improvements, and they noted that the “data breach had no impact on HII operations.”
The organization also had an independent forensic investigator conduct a comprehensive investigation that resulted in no evidence of any data transferred outside the company. They found that the unauthorized party was able to see the information but did not transfer anything “pertaining to former and current Alion employees and individuals that were associated with Alion prior to being acquired by HII.”
HII also confirmed that “this data breach is localized to Alion and Mission Technologies, NOT HII’s two shipbuilding divisions or corporate employees.” And as a good member of the Defense Industrial Base, HII shared that “Despite no data being transferred outside the company, we are taking measures to protect Alion employees and individuals that were on the legacy Alion servers.”
Fincantieri Marinette Marine Hit in Ransomware Attack
It was also this month that Fincantieri Marinette Marine experienced a ransomware attack in the early morning of April 12, when large chunks of data on the shipyard’s network servers were rendered unusable by an unknown professional group, USNI News first reported.
The Wisconsin-based shipyard currently builds the United States Navy’s Freedom-class Littoral Combat Ship, as well as the Constellation-class guided-missile frigate.
Though it was not a serious cyber attack, it had apparently already caused a number of production delays across the shipyard. One issue was that the compromised data was used to feed instructions to the shipyard’s computer numerical control (CNC) manufacturing machines, resulting in devices like welders, cutters, bending machines, and other computer-controlled tools being offline for several days. By the end of last week, some of the CNC machines were back in operation, while repair and construction operations continue,
As of last Friday, however, email and some networked operations remained offline.
“Fincantieri Marine Group experienced a cybersecurity incident last week that is causing a temporary disruption to certain computer systems on its network. The company’s network security officials immediately isolated systems and reported the incident to relevant agencies and partners. Fincantieri Marine Group brought in additional resources to investigate and to restore full functionality to the affected systems as quickly as possible,” Fincantieri spokesman Eric Dent said via a statement.
New Threat Vector
The news of the attacks comes just days after Microsoft Threat Intelligence warned that Iranian hackers could be targeting U.S. interests. It is unclear if the recent attacks were conducted by the Islamic Republic or another potential adversary.
“It’s difficult to attribute cyber attacks targeting U.S.-based defense contractors with certainty, but the shortlist would certainly include APT (Advanced Persistent Threat) groups at nation-states including China; Russia; North Korea, and Iran,” warned Ted Miracco, CEO of cybersecurity firm Approov.
“All of these nation states have the capacity, motivation, and strong interests in targeting corporations that are involved in shipbuilding for the U.S. Navy, as both MMS and HII are suppliers to the U.S. Navy,” Miracco told ClearanceJobs. “U.S. naval vessels pose a threat to these nation-states from the South China Sea, to the Black Sea and up toward the Arctic Circle, along the Korean Peninsula and inside the Persian Gulf, so any of the four nations could be behind the most recent attacks and there is a longer list of possible attackers that should not be totally ruled out either.”
The bigger concern is that the entire U.S. defense sector could see similar attacks, and Miracco suggested they could be more sophisticated and brazen than ever before. One only needs to look at a map to see why.
“Hostilities with China over Taiwan, and Russia over Ukraine, are the obvious causes for increased attacks on U.S.-based defense contractors,” Miracco added.
Increasingly Sophisticated Attacks
The shortage of cybersecurity professionals is one part of the issue, as are the newest advances in technology, which could allow for even fair unsophisticated nation-states to carry out those increasingly sophisticated attacks.
“In addition, the ability to successfully execute these types of attacks is probably at an all-time high with cyber attackers gaining the advantage over defenders as more data is moved to the cloud and accessed through vulnerable mobile devices,” Miracco continued. “The use of AI and Chatbots will certainly benefit the attackers more than the defenders and the widespread use of APIs makes it an ideal time to perform cyber espionage.”
The fact that the penalties for getting caught are not as impactful, since sanctions are already in place against most of these nation-states means there is no economic downside to getting caught attacking the U.S. As a result, the attacks are also likely to grow in both volume and sophistication.
“They will be more brazen than anything we have seen during the Cold War, as cyber-espionage provides a greater level of anonymity and deniability,” said Miracco. “The USA has also been recently exposed for spying operations on both friends and allies, so in effect, there is no moral high ground to be claimed on the part of the victims in this escalating cyber war.”