Strengthening Naval Security Posture: Mitigating Malware Attacks in the Face of Russian Cyber Warfare

The MOC

By John Bui

In an era dominated by technological prowess, cyber warfare has emerged as a potent tool for nation-states seeking to assert dominance. The 2020 SolarWinds cyber-attack, conducted by the Russian Cozy Bear group, in which malware significantly disrupted organizations' supply chains, demonstrates this. The United States urgently needs to fortify its naval security posture against Russian malware attacks — a threat that not only compromises national defense but also strikes at the heart of modern warfare.

The authors of Booz Allen Hamilton's Cyber Attacks on Navy Port Supply Operations report argue that such an attack could be deadly because the malware can lie dormant in a system's network for nine months before acting. This creates issues downstream, specifically at ports in the Pacific where replenishment ships take on supplies. Enemy malware on port computers could disrupt critical resupply operations, especially during a potential naval confrontation in the INDOPACOM Area of Responsibility ("AOR"). In the Indo-Pacific region, it is imperative that the U.S. Navy remain on high alert for Chinese activity in these waters. In this way, it can mitigate risk to resupply operations and maintain readiness against threats and vulnerabilities from a security systems perspective.

Intensifying Cyber Threats from Russia

The book The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics argues that the roots of the discord between the U.S. and Russia are deeply embedded in a clash with modern Western ideologies. Russian President Vladimir Putin's disdain for the United States stems not only from political differences but from a fundamental clash of worldviews. The 2020 SolarWinds attack represents a monumental moment in Russian cyber-attacks on U.S. soil. Crucial government organizations, including the military and Pentagon systems, were impacted. Arguably, these types of attacks could affect naval warfare systems, too. Understanding the architecture of U.S. Navy assets, from components to operational systems, is crucial to comprehending the gravity of the threat posed. To mitigate risk from such attacks, the U.S. Navy should implement network segmentation; create network profiles for each employee; require unique login credentials; limit privileges to only those necessary; be wary of external media; install anti-virus software; and keep software updated with the latest security patches.

The cyber kill chain, a methodical series of stages that attackers follow, poses a direct threat to naval vessels. At each step of this chain, vulnerabilities are exploited, leading to potential disruptions in naval supply chains and logistics. The Advanced Persistent Threats ("APTs") launched by Russian state actors, as illustrated in the SolarWinds incident, have remained undetected for prolonged periods, infiltrating government systems with sophisticated malicious code. What makes these attacks particularly menacing is the significant financial backing provided by Putin himself. State-sponsored hacker groups have access to ample resources, enabling them to innovate and execute complex cyber-attacks with devastating consequences. It is not only state actors that pose a threat but also cyber criminals operating independently. Distinguishing between nation-funded attacks and those driven by individual financial motives is a complex challenge. Are these cyber-attacks solely an expression of geopolitical tension, or are there financial gains sought by cybercriminals operating under the Russian banner? Either way, cyber-attacks from Russian state-affiliated actors pose threats to U.S. supply chains.

Cybersecurity Best Practices

Defending against such multifaceted threats demands a strategic approach. While software upgrades and security patches are imperative, the balance between maintaining naval systems' uptime and protecting against malware remains delicate. Routine system upgrades are essential to enhance security posture, yet they leave systems temporarily vulnerable. As such, the U.S. Navy and Coast Guard should work in tandem to secure vessel operation systems by implementing the following steps:

  • Implement network segmentation
  • Create network profiles for each employee, require unique login credentials, and limit privileges to only those necessary
  • Be wary of external media
  • Install anti-virus software
  • Keep software updated

To address this vulnerability window, a proactive approach incorporates penetration testing throughout the software development life cycle and during routine system downtime. By simulating malware attacks under controlled conditions, naval systems can be rigorously tested for vulnerabilities and for the effectiveness of their security controls. This strategic balancing act ensures that routine upgrades not only enhance security posture but also serve as proactive measures against evolving cyber threats.

The intensification of Russian cyber warfare on the United States, particularly targeting naval warfare systems, demands a unified and decisive response. Strengthening the security posture of naval assets is not just a technological imperative; rather, it is a strategic necessity for safeguarding national security in an era where battles are fought as much in the digital realm as on the open seas. The maritime security community must champion this cause, urging policymakers and defense agencies to invest in cutting-edge technologies and adopt proactive measures to mitigate the ever-evolving threat landscape. The sea may be vast, but the battle for its control is increasingly waged in the realm of ones and zeros.


John Bui is the North America Co-Chair at the US ASEAN Young Professionals Association. He currently works as a technical analyst at Unison, where he focuses on identifying threats and vulnerabilities to strengthen security from the network down to the code for government clients. He is currently pursuing a Master's in Cyber Risk Management at Georgetown University. He holds a Bachelor's in Biology and a Master's in Public Health from the University of Maryland.


The views expressed in this piece are the sole opinions of the author and do not necessarily reflect those of the Center for Maritime Strategy or other institutions listed.