Adversaries are taking on the Navy’s shift to remote work in the wake of the coronavirus pandemic, according to the service’s chief information officer.
Speaking at the Department of the Navy’s Gold Coast Small Business Procurement event today, Navy CIO Aaron Weis said the service saw a jump in malicious activity as employees began teleworking to prevent the spread of COVID-19.
“We’ve seen a number of potential exploits by malicious cyber actors. Kind of the easiest stuff and because everyone is super responsive and working from home – lots of phishing activity. And Especially early on, if it said COVID-19 in the subject line, you were going to open it,” Weis said.
“And really then that’s the front door and then getting somebody to click on an attachment or whatnot that you can get into somebody’s face with a COVID-themed message,” he continued. “The other is – there was an uptick in the registration of domain names that contain COVID, COVID-19, along with DOD specific variants of that, as the services rushed to push out tracking, tracing capability services, etc, for use in this teleworking environment.”
Weis did not provide details as to where the attacks originated. In addition to phishing and using registered domain names, Weis said the Navy also saw an increase in “spoofing” activities, with attackers sending messages looking like they were from “trustworthy sources.” Weis praised U.S. Cyber Command, Marine Corps Cyberspace Command and U.S. Fleet Cyber Command for swiftly responding to the attempts.
“Especially early on, we ramped up the communication around this to help educate the user base on these potential exploits,” he said.
“We also had to work in conjunction with the deployment of that new technology. So as that Teams client — that [Commercial Virtual Remote] capability — was deployed, we also saw adversaries try to exploit those seams,” Weis added, referring to the Commercial Virtual Remote (CVR) initiative the Pentagon created in the early days of the pandemic.
The Pentagon at the end of March started to introduce CVR, which includes Microsoft Office 365 and its Teams platform, as a short-term fix for the remote work many Americans moved to when widespread lockdowns took effect. The Navy and Marine Corps currently average approximately 200,000 personnel who are teleworking each day, Weis said.
The plan for CVR was to have it “burned down” once the pandemic ended, according to Weis.
Before the pandemic, the Navy planned to implement Microsoft Office 365 in the next few years, Weis said. In January, the service had a pilot program with 10,000 users for the platform.
But the new teleworking reality has forced the Navy and Marine Corps to roll out Microsoft Office 365’s availability much more quickly. Weis said the Navy expects to reach 160,000 users for the platform by the conclusion of Fiscal Year 2020. The Marine Corps is slated to have 150,000 users on the platform across its uniformed and civilian personnel.
“What’s happened is we’ve created a capability which we now have as an expectation. And that expectation is becoming a requirement and people are saying ‘I need that going forward,’” Weis said. “So what will happen and what is happening is that the Navy and Marine Corps are working to deploy Office 365 broadly.”
The fast-tracked shift to Microsoft Office 365 means the Navy can shed legacy cyberinfrastructure and move on to a more modern system.
“As we move to this new environment, which will enable these capabilities, we will obsolete that legacy infrastructure,” Weis said. “And there is goodness to be gained there, from a cybersecurity perspective, from an operational perspective, from a cost perspective.”
The Navy CIO said he expects to eliminate the use of CVR in about a year.