Yesterday brought stunning news of yet another security lapse by our Navy. As reported by The Washington Post, Chinese hackers in the first two months of this year penetrated the computers of an unnamed defense contractor, “stealing massive amounts of highly sensitive data related to undersea warfare” from the Naval Undersea Warfare Center in Newport, Rhode Island.
NUWC (“new-ick”), as it’s called by sailors, handles sensitive and classified projects for the Navy’s submarine force, which just happens to be one of the few areas where the U.S. Navy still holds important advantages over its Chinese rival. As China’s rapidly expanding navy increasingly contests American naval dominance in the Western Pacific, our submarine force retains an important technological and tactical edge over Beijing—one that may just have been fatally compromised.
The hackers, who belonged to the Ministry of State Security, cleared out an astonishing amount of defense information such as “secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020” according to the Post, as well as “614 gigabytes of material relating to a closely held project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit’s electronic warfare library.” Since one gigabyte is equivalent to about a thousand good-sized books, roughly a half-million pages of text, this was an astonishingly large compromise.
While the loss of plans for a hush-hush super-missile is bad enough, the rest of what’s been handed to Beijing looks even worse. Sea Dragon, which the Pentagon has already spent $300 million on, is a secret Navy undersea warfare program initiated in 2015 and based on “disruptive offensive capability.” Much of that classified work has been done in Groton, Connecticut, which is home to the Navy’s submarine force, where more than a dozen nuclear-propelled attack submarines are based. Sea Dragon is considered a critical enabler for the U.S. Navy in any war against China, so its compromise may have grave consequences.
So too does the loss of NUWC’s electronic warfare library, which is a classified collection of all kinds of data about electronic signatures and countermeasures. This is also an area where our advantage over the Chinese navy, once significant, has been gradually slipping—and may now be lost altogether.
What really jumps out at any anyone who’s ever worked in intelligence, however, is the mention of the loss of cryptographic systems relating to submarine communications. This involves highly classified code and cipher techniques that are used by the U.S. Navy to communicate with its submarines at sea. This ranks among the most important secrets in our Navy, since any compromise of those communications may give the enemy the ability to locate and track our submarines while they are underway.
Exactly this sort of cryptographic compromise doomed Hitler’s U-Boats during the Second World War. Unbeknownst to Berlin, the Enigma cipher machines used by the Wehrmacht had been cracked by Polish and then British intelligence, which termed this enormously important breakthrough the ULTRA secret. Thanks to ULTRA, Allied navies were able to locate and kill U-Boats, resulting by 1943 in an attrition that was unsustainable for the Germans. Hitler’s once-mighty submarine force melted away in defeat. If Beijing has its own ULTRA secret against our Navy, particularly our all-important submarines, the outcome of any future war with China may be in doubt.
However, the worst part of this sad story is how it happened at all. As the Post explains: “The data stolen was of a highly sensitive nature despite being housed on the contractor’s unclassified network. The officials said the material, when aggregated, would be considered classified, a fact that raises concerns about the Navy’s ability to oversee contractors tasked with developing cutting-edge weapons.” In other words, a contractor had a lot of information residing on unclassified IT systems.
How exactly this happened demands thorough investigation—by the FBI, since the Navy can no longer be trusted to investigate itself with honesty and thoroughness. Despite years of warnings about pervasive cyberespionage by China, Russia and other rivals, the U.S. Navy remains desperately unserious about basic security. This demands explanation before it happens again—as it surely will unless the Navy changes course.
While they’re at it, investigators ought to ask why so many core Department of Defense functions are in the hands of defense contractors whose attitudes toward security are generally laughable, as illustrated by the Edward Snowden saga, among many others in recent years. NUWC needs contractors to function, as do most DoD organizations. Whether they need so many of them, and whether those private firms should have so many secrets shared with them, needs to be asked urgently.
Above all, the U.S. Navy’s lackadaisical attitude toward security and counterintelligence is on painfully full display, yet again. One might have thought that the Fat Leonard scandal, a ridiculous corruption-cum-espionage story that has paralyzed the Navy’s top leadership for almost five years now, would have forced a serious rethink about keeping secrets. It did not. The distinct Chinese aura around the Fat Leonard story has been something our admirals would prefer not to be discussed—or even seriously pondered. As a result, nothing has really changed.
At root, the U.S. Navy does not care about security, thanks to an insular arrogance that, one of these days, will lead our fleet to doom in the waters off East Asia. Our Navy spends a great deal of time training its sailors in things that have nothing to do with their core mission—hot-button social matters such as sexual harassment, avoiding drugs and alcohol, and generally not acting like, well, sailors are perennial favorites—while basic security education lags far behind. The U.S. Navy, like the Pentagon as a whole, has thousands of pages of laws, rules and regulations on the books pertaining to all aspects of security. The NUWC compromise reveals how poorly these are being enforced.
This comes down to culture. Our Navy has socially remade itself in recent years to please the new cultural mandarins. A drunk-driving arrest or a minor sexual infraction of the wandering-hands sort, which not long ago would have been considered a manageable matter, now is instantly career-ending. While this represents progress of a sort, it needs to be considered that failures of security are treated far less harshly. Until a security misstep is as threatening to an officer’s career as a lapse in social judgement, nothing will change, and the U.S. Navy will keep losing its secrets—and, eventually, its sailors’ lives in battle. The clock is ticking, while somewhere in China a brigade’s worth of intelligence analysts is poring over the 300-million-page secret haul that the Ministry of State Security just stole from our submarine fleet.