U.S. Navy captains and admirals nominated for higher ranks are vulnerable to cyber attackers — and that’s why the service stopped publicly announcing their promotions last year, the chief of naval operations said Wednesday.
Adm. John Richardson spoke a week after an internal Navy review warned that the service and its suppliers are “under cyber siege.”
“Our competitors are focused prejudicially on those technologies where they see that they’re at a disadvantage and undersea is one where where I think that we would definitely have an advantage and many other maritime types of capabilities,” Richardson said of the new assessment at a press conference on the sidelines of a McAleese and Associates/Credit Suisse conference in Washington. “We shouldn’t be surprised, I suppose, that that’s a target.”
The admiral noted that this is just the latest report to warn about cybersecurity vulnerabilities. But he also said the threat of cyberattacks against its top brass led to last year’s decision to stop releasing promotion lists to the public. Those disclosures stopped in October, though the unclassified lists still go to the Senate for approval, USNI News reported in February. The Army, Air Force and Marine Corps have not followed suit.
“There’s always a tension between on the transparency and security. I don’t know if you’ve been personally attacked in the cyber world, but our new flags are,” Richardson said. “If we can do anything to kind of make sure we’re keeping their information and stuff secure, I wonder where we can contribute. This may not work out in the end, I don’t know, but that’s kind of our mindset there.”
Asked if this was a problem, Richardson said: “It’s just a vulnerability that we’re trying to think about reducing.”
The new cyber assessment blames Navy officials for failing to anticipate that adversaries would attack defense companies and suppliers, the Wall Street Journal reported. Richardson said the Navy needs to “move this forward with a sense or urgency” to address cybersecurity issues.
“One way or another, we’re going to have to get at this as a team,” he said. “It’s just the nature of cyber. Everybody’s got to be kind of at the same level of capability because it only takes one or two of a capability because it only takes one or two vulnerabilities and the enemy can be inside the network and do some serious damage.”