Pentagon Thwarts 36 Million Malicious Emails Every Day, Navy Cyber Defense Operations Command Reveals

• Every year, the Defense Information Systems Agency conducts an assessment of DoD web browsing practices to determine the utility of bandwidth.
• It is estimated that the Navy spends approximately $160 million each year to clean up cyber intrusion.

The US Department of Defense (DoD) has become a lucrative target for cybercrimes due to the amount of trade and technological secrets it holds. With so much risk on the sensitive data and emergence of new threats, the department is on the toes to thwart the attacks.

What does the report say?

According to the Navy Cyber Defense Operations Command, the Defense department stops 36 million malicious emails that are full of malware, viruses, and phishing schemes.

These malign emails are sent by hackers and foreign adversaries trying to gain unauthorized access to military systems.

The Navy Cyber Defense Operations Command also highlights the emerging threats that leverage network traffic and protocols to compromise networks.

“Over the last two decades, The Non-classified Internet Protocol (IP) Router Network (NIPRNET) has grown at speeds faster than can be monitored. Further, its rapid adoption of encrypted web traffic protocols enables network traffic to traverse multiple network boundaries without adequate levels of inspection and monitoring. Unfortunately, these advancements also create expansive ways for adversaries to deliver potentially malicious software and compromise the network,” said the report.

How is DoD responding?

• Every year, the Defense Information Systems Agency conducts an assessment of DoD web browsing practices to determine the utility of bandwidth.
• It is estimated that the Navy spends approximately $160 million each year to clean up cyber intrusion. The cost includes a compilation of network downtime, production and manhour losses.
• The expense also involves the equipment used to perform traffic analysis, forensic analysis, mitigation, and management oversight. However, it does not include the actual investigation of the event.
• About $70 million is spent towards the clean up after negligent security practices on IT systems alone.

Combatting cyber threats with new approach

The Navy Department has adopted a three-step approach to combat cyber threats:

• IDENTIFYING the attack surface - All web browsing communications (e.g. email, chat, digital telephone, etc.), machine-to-machine interaction etc. must be identified to understand the threat landscape on them.
• REDUCING the attack surface - Separating mission-related activities from non-mission activities by whitelisting .gov and .mil domains or other such websites. After this, NIPRNET (Non-classified Internet Protocol (IP) Router Network) is deployed for mission-only activities and browsing.
• TRANSFERRING the risk - Limiting the users’ exposure to cyber risks by transferring the risk-off a network using a third-party provider. Many providers offer a capability that allows a sandboxed web browsing experience in end users only interact with websites while keeping the Navy’s mission-critical platform safe from potentially-malicious traffic.