This Editorial was originally published in the Richmond Times-Dispatch on 12/18/2018
According to a news story in Friday’s Wall Street Journal, “Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, officials and experts said, triggering a top-to-bottom review of cyber vulnerabilities.” While the entire Department of Defense has had its share of cyber vulnerabilities, the sea service seems to be having an especially egregious time with security breaches by its contractors. The news story says that “victims have included large contractors as well as small ones, some of which are seen as lacking the resources to invest in securing their networks.”
This is completely unacceptable. Last week, Sen. Mark Warner released “A New Doctrine for Cyberwarfare & Information Operations.” In it, he noted several notorious American intelligence failures of late and the urgency with which we need to develop a sound U.S. cyber doctrine. Warner said he believes “we have entered a new era of nation-state conflict: one in which a nation projects strength less through traditional military hardware, and more through cyber and information warfare.”
The senator is right. The entire nation, but especially our security, defense, and intelligence agencies, need to get deadly serious about cyber security. According to the consultancy firm Willis Tower Watson, 90 percent of all cyber claims stem from either human negligence, error, or malicious intent. We need to start holding people and organizations accountable when a security breach is caused by carelessness, ineptitude, or failure to install regular maintenance updates.
As for military contractors — if they can’t guarantee cybersecurity, they should not be granted a contract. If small contractors don’t have the resources to protect their networks, they shouldn’t be bidding for jobs. Chinese hackers are stealing us blind as it is; we don’t need to leave the front door wide open for them.