CNO Richardson Addresses Suspected Chinese Cybersecurity Breach
Photo: Melanie Yu / NDIA
The Defense Department is assessing the damage caused by a suspected Chinese breach into a Navy contractor’s network that may have exposed reams of sensitive data, officials said June 14.
Last week, the Washington Post reported that China was behind a breach into the computer system of a Defense Department contractor that is working on a secretive naval program known as Sea Dragon. The breaches took place in January and February, The Post said.
Adm. John Richardson, chief of naval operations, told reporters that a Pentagon-wide investigation is currently underway.
“We have a full-court press on this,” he told defense reporters during the Women In Defense national conference in Washington, D.C. “This is a department-wide issue that we got to get after.”
The CNO did not name China as the culprit of the breach, but noted that the incident is an example of the great power competition the United States finds itself in with Beijing and Russia.
“This is sort of one of the dimensions of this competition that is [going] on. We have to do more to get more competitive in this dimension to safeguard information,” he said. It’s “a serious matter and we’ve got to do everything we can to think about how to shut that down.”
Kristen Baldwin, acting deputy assistant secretary of defense for systems engineering, said that much of the Pentagon’s technical information is on unclassified networks. The Defense Department has implemented contracting regulations that require protection of that data and the reporting of incidents by contractors when they occur.
That “is exactly what happened in this case,” she said.
The Pentagon is now looking at damage assessments and considering remediation actions if necessary, she said. However, Baldwin noted that just because something was exposed to a cyber exploit does not necessarily mean that sensitive information was lost.
“What we find in many cases is that it is unclassified data … [or] things that we would not be that unconcerned to lose,” she said.
Both Baldwin and Richardson declined to name the contractor. When asked if the public had a right to know the identity of the company, Richardson said that was unclear at the moment.
“I take that very seriously, in terms of what the public does have a right to know. But … as we work through this, I’m just not at liberty to say,” he said.
He didn't know if the company in question will ever be identified. “We’re just going to have to work our way to through this,” he said. “The most important thing is to thoroughly investigate it and understand it completely, so that’s where our efforts are right now.”