US Navy Network Hack In September, Which Was Pinned On Iran, Was Due To A Flawed Contract With Hewlett Packard And Irregular Maintenance: Report

  on
  • To match Insight - CYBERSECURITY/IRAN
    John Bumgarner, a cyber warfare expert who is chief technology officer of the U.S. Cyber Consequences Unit, a non-profit group that studies the impact of cyber threats, works on his laptop computer during a portrait session in Charlotte, North Carolina December 1, 2011.
  • HP
    A man walks past the Hewlett Packard logo at its French headquarters in Issy le Moulineaux, western Paris, in this September 16, 2005 file photograph.
1 of 2

An infiltration of the U.S. Navy's network in September, which was blamed on Iran, was made possible because of a poorly formulated contract with Hewlett Packard (NYSE:HPQ), or HP, the Wall Street Journal reported Friday, citing sources.

The contract that the Navy signed with HP did not mention that the technology company was supposed to provide specific security to a set of Navy databases, according to the Journal. The report also said that since the security databases were not maintained regularly, the hackers could attack the systems easily and move deeper into the Navy Marine Corps Intranet network. While the U.S. has been concerned about the cybersecurity threat that Iran poses to its systems, this is the only publicly-known breach of a military network that has been blamed on Iranian hackers.

A senior defense official blamed the security gaps on “decisions made years ago as to what the Navy network structure should be and what kind of risk it was comfortable taking,” according to the Journal. The contract was first signed in 2000 and later updated in 2010. The Navy’s unclassified network has 800,000 users at 2,500 locations, the Journal reported, citing the Navy.

The Navy is currently investigating the hack, which revealed flaws in its cybersecurity network and led to a four-month long overhaul of its systems, though officials have claimed there was no loss of vital information from the security breach. 

A senior defense official told the Journal that HP is “a responsive partner” adding that the government takes “the ultimate responsibility” for “accepting security-related risk.”

The clean-up operation reportedly cost $10 million and involved hiring cybersecurity contractors to push the hackers out and build better safeguards. Lawmakers on Capitol Hill are expected to evaluate the nomination of Vice Adm. Michael Rogers, who oversaw the Navy's response to the hack, for the position of director of the National Security Agency.

“They’re getting more and more sophisticated by the day,” said Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee, according to the Journal. “We know they are creating a greater offensive capability.”

Join the Discussion