An infiltration of the U.S. Navy's network in September, which was blamed on Iran, was made possible because of a poorly formulated contract with Hewlett Packard (NYSE:HPQ), or HP, the Wall Street Journal reported Friday, citing sources.
The contract that the Navy signed with HP did not mention that the technology company was supposed to provide specific security to a set of Navy databases, according to the Journal. The report also said that since the security databases were not maintained regularly, the hackers could attack the systems easily and move deeper into the Navy Marine Corps Intranet network. While the U.S. has been concerned about the cybersecurity threat that Iran poses to its systems, this is the only publicly-known breach of a military network that has been blamed on Iranian hackers.
A senior defense official blamed the security gaps on “decisions made years ago as to what the Navy network structure should be and what kind of risk it was comfortable taking,” according to the Journal. The contract was first signed in 2000 and later updated in 2010. The Navy’s unclassified network has 800,000 users at 2,500 locations, the Journal reported, citing the Navy.
The Navy is currently investigating the hack, which revealed flaws in its cybersecurity network and led to a four-month long overhaul of its systems, though officials have claimed there was no loss of vital information from the security breach.
A senior defense official told the Journal that HP is “a responsive partner” adding that the government takes “the ultimate responsibility” for “accepting security-related risk.”
The clean-up operation reportedly cost $10 million and involved hiring cybersecurity contractors to push the hackers out and build better safeguards. Lawmakers on Capitol Hill are expected to evaluate the nomination of Vice Adm. Michael Rogers, who oversaw the Navy's response to the hack, for the position of director of the National Security Agency.
“They’re getting more and more sophisticated by the day,” said Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee, according to the Journal. “We know they are creating a greater offensive capability.”