The Navy modernized and extended the reach of its information technology beyond traditional security boundaries over the last few years.
Ways adversaries have been recently observed exploiting Navy networks are listed in a newly unclassified notice penned by the Deputy Chief of Naval Operations for Information Warfare, which urges military officials to play an alert and active role in U.S. cyber defense.
“With heightened tensions throughout the world, ensure your team understands how the actions of a single user can impact our global force,” Vice Adm. Jeffrey Trussler wrote. “Take time at quarters or your next staff meeting to discuss why vigilance by everyone will make the difference between our continued mission success and our failure to meet the tasking of our nation.”
Released late last week and entitled “Importance of User Cybersecurity Responsibilities,” the note came as Russia’s still-intensifying attack on Ukraine started to unfold.
Trussler did not explicitly mention those countries in the document, but among its attachments is the Naval Operations chief’s navigation plan on the Navy’s strategic direction and long-term competition with China and Russia.
“Cyberattacks against businesses and U.S. infrastructure are increasing in frequency and complexity. DOD and federal law enforcement report adversary interest in our remote work infrastructure,” Trussler noted. “This means that you are a target—for your access and your information.”
Officials have “seen adversaries exploit policy transgressions on Navy and private home networks,” he added. They’ve done so by stealing or guessing credentials and passwords, downloading and unknowingly installing malware embedded within documents from unofficial websites and sources and posing as fellow service members to dupe people into sharing sensitive or classified information.
Every member of the branch must follow cybersecurity policies and report anything questionable they notice in their networks.
“Do NOT accept that ‘this is just the way things are’ or ‘this is not a big deal,’” Trussler wrote. “Your information systems security manager and our cybersecurity professionals are responsible for determining where the reporting stops.”
The Deputy Commandant for Information and Marine Forces Cyberspace Command published a message with the same tone and other recommendations to Marine Corps officials.