This post has been updated with a statement from Lockheed Martin.
The Wisconsin shipyard that builds the U.S. Navy’s Freedom-class Littoral Combat Ship and the Constellation-class guided-missile frigate suffered a ransomware attack last week that delayed production across the shipyard, USNI News has learned.
Fincantieri Marinette Marine experienced the attack in the early morning hours of April 12, when large chunks of data on the shipyard’s network servers were rendered unusable by an unknown professional group, two sources familiar with a Navy summary of the attack told USNI News on Thursday.
In a typical ransomware attack, attackers take the information on a server, encrypt it and set terms for a key that will unlock the data.
The attack on Marinette Marine targeted servers that held data used to feed instructions to the shipyard’s computer numerical control manufacturing machines, knocking them offline for several days. CNC-enabled machines are the backbone of modern manufacturing, taking specifications developed with design software and sending instructions to devices like welders, cutters, bending machines and other computer-controlled tools.
Based on information from the Navy, it’s unclear if the attackers stole any data.
In a statement to USNI News, Marinette Marine acknowledged there had been a cybersecurity incident at the shipyard.
“Fincantieri Marine Group experienced a cybersecurity incident last week that is causing a temporary disruption to certain computer systems on its network. The company’s network security officials immediately isolated systems and reported the incident to relevant agencies and partners. Fincantieri Marine Group brought in additional resources to investigate and to restore full functionality to the affected systems as quickly as possible, “ reads a statement from Fincantieri spokesman Eric Dent.
“Repair and construction operations continue at all three U.S. shipyards, however the company’s email and some networked operations remain off-line for now.”
Fincantieri would not elaborate beyond the statement.
In a separate statement to USNI News, Freedom-class prime contractor Lockheed Martin spokesperson said, “we face threats every day from sophisticated adversaries around the world and we regularly take actions to increase the security of our systems and to protect our employee, customer and program data.”
USNI News understands that as of Thursday afternoon, some of the CNC machines at Marinette were operational.
USNI News was visiting the shipyard in Marinette the day after the attack and observed shipyard workers using the panel lines that feed gray and pink steel through to build both the Constellation-class frigates and the multi-mission surface combatants for the Royal Saudi Navy.
The yard is currently on contract to build four combatants for the Saudis and three frigates for the U.S. Navy, with the service planning to ramp up procurement in the pursuit of buying two frigates per year.
The Navy acknowledged the attack in a statement but did not provide additional details.
“The Navy was made aware of a cyber-incident involving Fincantieri Marine Group. FMG is the parent company of Fincantieri Marinette Marine which has contracts with the Navy to construct the Constellation Class Frigate and Freedom-variant Littoral Combat Ship. FMM also builds the Multi-Mission Surface Combatant,” reads the statement.
“FMG has taken measures to prevent further incursions and is conducting the required response, remediation and reporting actions. The Navy is actively monitoring the efforts.”
