On the 2nd of October, 2015, the Federal Bureau of Investigation (FBI), Cyber Division, released an FBI Flash message identifying a group of overseas cyber actors who compromised and stole sensitive military information from US cleared defense contractors (CDCs) through cyber intrusions. For many of us, these types of warnings go unheeded, as news reports of hackers stealing information are commonplace.
What was interesting was the reason these companies were targeted. They were targeted based on their US Navy Seaport Enhanced contracts. The attackers did not target information pertaining to a specific contract; rather, they stole everything they accessed via their malicious activities. Included in the alert were hash values, Snort rules, and YARA rules intended to help CDCs protect themselves from attack. But is this enough? Are these types of warnings likely to spur CDCs to undertake the extensive (and costly) mitigation measures needed to address cyber intrusions?
Hampton Roads is home to the largest military industrial complex in the world. We should have no doubt that all of us are in the cross-hairs of cyber criminals and foreign powers not inclined to respect our intellectual property. And cyber threats are not solely directed at the CDCs. Cyber-attacks against the region have often been “watering hole” attacks, where non-CDC companies serve as a vector for the cyber-attack. As early as 2012, RSA FirstWatch warned of watering hole attacks against a host of targets across a variety of industries, including defense, government, academia, financial services, healthcare, and utilities.
So if you own a welding shop across the street from the shipyard, or a takeout restaurant that is a favorite of merchant mariners, you are just as likely to be hacked as the CDCs. The sophistication of these attacks cannot be overstated. Nations hire teams of hackers to hack entire industrial sectors as a commercial enterprise, and they will succeed. So, what can the consortium of Virginia Shipbuilders (and suppliers) do to stem the tide of hackers? Kevin Mitnick, the most famous of hackers, will tell you to “think before you click.” Great advice to be sure, but small companies can take a more purposeful stand as well.
Here are just a few ideas to help protect your company.
- Back up everything: to no fewer than three forms of media. Ransomware costs businesses about $20 million each year. Backing up your data provides some security in knowing that, at least, you won’t lose all your corporate data.
- Use a Virtual Private Network (VPN): Costs for a VPN are small compared to the losses if you don’t use one. And for business leaders, this means your home network and all of your connected devices as well. This sounds like a lot to ask, but modern VPNs make the task simple and cheap.
- Don’t go overseas: If you have a website and really don’t expect orders from overseas, have your IT personnel block all countries that you do not do business in. This will not prevent a dedicated hacker from spoofing the IP address, but at least the script-kiddies may be discouraged.
- If you are (or deal with) a CDC, review and implement the NIST Special Publication 800-171 guidelines before the compliance deadlines in 2017. Start early.
Cyber Protection Resources (CPR) stood up in August 2015 to provide cyber protection resources throughout Virginia. The non-profit is trying to make Virginia the most cyber-resilient state in the nation. Much of the mission is educational, so give serious thought to the measures suggested above. The company you save may be your own.
About the Author
Scott Phillpott is the Executive Director of Cyber Protection Resources, a non-profit promoting cybersecurity throughout the commonwealth. They are hosting a cyber symposium on March 24th at the Westin Hotel, and Virginia’s Cyber Conference and Exposition at the Virginia Beach Convention Center on October 6th, 2016. Registration is at www.cprcv.org or call 1-866-882-7728.
To most of us, these cyber terms (hash values, Snort, and YARA) have little meaning, but these are tools used by IT personnel to help protect organizations from cyber criminals.