Blog

Officials recently revealed that a data breach occurred involving a Navy Contractor where hackers working for the Chinese government gained access to highly sensitive data regarding submarine warfare. Included in the breach were top secret plans for the design of a supersonic anti-ship missile system that was to be used in U.S. submarines by the year 2020.

American officials have confirmed that these breaches occurred in January and February of 2018, but would say very little else about the breach, citing the secret nature of the stolen plans. An investigation into what happened and exactly how the breach occurred is ongoing and the government is reluctant to speak of the incident while the investigation unfolds.

Though the naval contractor was not identified, U.S. officials confirmed that he worked for the Naval Undersea Warfare Center. This military organization is located in Newport, R.I. They conduct research on underwater weaponry and develop weapons specifically for submarines.

The Sea Dragon Project

The stolen data consisted of 614 gigabytes of information closely related to a project called Sea Dragon. In addition, radio room materials related to cryptographic systems were stolen along with, signaling and sensor data. The Washington Post has obtained more detailed information about this breach but, at the request of the U.S. Navy, they have agreed not to publish those facts. The military believes releasing these documents could further harm national security and put other military projects in jeopardy.

One of the more alarming details of the breach was that this naval contractor had highly sensitive information about Sea Dragon stored on his personal computer and phone. These devices did not have the necessary security protocols for storage of classified government documents. The contractor was using a normal unclassified network for his phone and computer despite knowing that the information he was privy to was of top-secret nature. Charges may be filed against the individual for not taking basic steps to secure the data and following NIST guidelines.

Problems with Naval Contractors

This incident has sparked highly-charged discussions about the Navy’s ability to properly oversee its vast network of contractors. Many of these people have access to the designs for America’s latest weaponry. Loss of these plans and blueprints could result in a devastating effect on America’s military capabilities.

Last week, the inspector general’s office at the Pentagon confirmed that Jim Mattis, Defense Secretary, was currently reviewing the handling of all military contractors. Mattis and his team will investigate whether there are other blatant cybersecurity issues that could possibly leak classified information to the Russians, Chinese, or North Koreans.

The Navy, working in conjunction with the FBI, is currently leading the investigation into what happened.

The naval spokesman, Cmdr. Bill Speaks, commented saying, “There are measures in place that require companies to notify the government when a ‘cyber incident’ has occurred that has actual or potential adverse effects on their networks that contain controlled unclassified information.” He added that “It would be inappropriate to discuss further details at this time.” The FBI has declined to comment.

Is the Sea Dragon Project Sunk?

Little is known about the Sea Dragon project, except that the project was designed to provide a “disruptive offensive capability” by “integrating an existing weapon system with an existing Navy platform.” In addition, the Pentagon said that the project has to date, cost over $300 million. The Navy had plans to begin underwater testing as early as September of 2018, but those plans will now most likely be placed on hold.

Military experts believe that China will now be able to develop technology that will render the Sea Dragon project ineffective. There is some speculation that other weaponry projects could also be compromised.

The government has set in place an extensive array of security protocols and guidelines to ensure that events like this do not happen.

According to the Nist.gov website:

All Department of Defense (DoD) contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards by December 31, 2017, or risk losing their DoD contracts.[1]

Stopping Hackers in their Tracks

DFARS regulations were created to stop cyber breaches like Sea Dragon from taking place. All government contractors and sub-contractors are required to use high-level security protocols anytime they store, process or transmit sensitive government data.

According to a study done by IBM in 2014[2], human error is involved in as many as 95 percent of all data breaches. Cyber breaches are successful because hackers prey on human weaknesses. Most commonly, hackers lure an unsuspecting victim into giving access to the cyber thief believing him to be a legitimate person or company. Hackers are able to sell the information they obtain on the Dark Web.

Many governments around the world now employ a staff of hackers who work continuously to steal data from large companies, individuals, hospitals, various government organizations, non-profits and many others. The stolen information will fetch a high price on the Dark Web. In the case of Sea Dragon, the data loss could place an advanced Naval weapons systems into the hands of the Chinese.

[1] https://www.nist.gov/mep/cybersecurity-resources-manufacturers/dfars800-171-compliance

[2] https://securityintelligence.com/the-role-of-human-error-in-successful-security-attacks/

The concept of Code Signing SSL Certificates includes protecting users against phony software and assuring that the software is not infected with a virus. Most reputable companies require this certificate before accepting a product and using it. In today’s world, it’s the safest method of guaranteeing that software has not been altered or compromised.

Types of Code Signing SSL Certificates

There are several types of Code Signing SSL Certificates. The Business Validation SSL certificate requires that the software manufacturer or developer provide verification documents to the Certificate Authority. Once these documents are submitted, it can take three days for approval. This approval guarantees the authenticity of the digital program.

Code Signing SSL Certificates for Individuals are used less, though still important. If an individual programmer creates an app or software product and wants to include a Code Signing SSL Certificate, then the programmer must provide documents that prove his/her identity.  The Certificate Authorities check to make sure this person is who he says and that he is the author of the digital work.

What is a Code Signing SSL Certificate?

This certificate is a way for the programmer to digitally sign his or her work. An authentic Code Signing SSL Certificate includes a company or individual’s name, their signature, and often a timestamp, though this is not required. With this certificate, end users can feel confident that the program will work as promised.  SSL Certificates are used on software programs, applications, script, code, and drivers.

Improving Internet Security

Security on the World Wide Web has become an important commodity. There are phishing attacks launched daily. Along with that, ransomware has become quite prevalent. Attackers lock your computer files then demand a ransom be paid, usually in Bitcoin. Add to that so many computer viruses and worms hid within suspicious links that it’s difficult to keep up today.

In spite of the great amount of publicity about these attacks, many are successful due to a poorly educated public. Most users admit they sometimes click on links or visit sites they probably shouldn’t. It’s human to think that bad things only happen to other people.

Large reputable companies like Microsoft simply can’t take chances with their security or risk exposing end users to harm. The cost in both time and money would be too great; not to mention the damage to their reputation. That makes the Code Signing SSL Certificate very critical to businesses with a strong reputation to protect.

With this certificate, we can be assured of two important elements:

• Content Source Authentication — ensures the developer’s code legitimacy
• Content Integrity — verifies that the code is authentic and has not been tampered with

How to view the SSL Certificate

To authenticate a software program, click on the certificate that has been issued. You should be able to view the publisher’s name. There may be other information such as the timestamp. If it isn’t there, then the software originates from an “Unknown Publisher”. It may or may not be authentic. It could contain spyware, ransomware, malware, or other viruses. In some cases, thieves download authentic-looking programs onto your computer with a dangerous script running in the background. These lines of code can allow the Software Pirate to steal passwords and/or personal information.

How do Code Signing SSL Certificates work?

Just like other SSL Certificates, the Code Signing Certificate is created based on the public-private key pair. Though a key pair is related mathematically, the private key can only be decrypted by its original owner. Public keys are made available to anyone with access to the public repository. If you have a message that you only want one person to be able to read, this can be done using a private key. It always remains confidential and private to its respective owner.

This history of Cryptography

The concept of cryptography began as early as 1874 when William Stanley Jevons wrote a book called The Principles of Science. In it, he described various ways of creating a message that could only be read by the intended party. His theory was to produce a long random number that could only be known by one other person. For years, various mathematicians worked on the idea until 1970 when a British cryptographer working for the UK government came up with what he called, “non-secret encryption”.

Cryptographers and scientists saw the important applications for military use. Being able to send messages that the enemy could not read became a vital function of national security for all governments. Though this type of cryptography is still used today, it’s more common usage now is to protect software programs from alteration.

Why are SSL Certificates necessary?

When an application or program does not have a Code Signing SSL Certificate, any programmer can go into it and change lines of code however they want. This leaves everyone vulnerable. Maybe the programmer improved the software but maybe he added a Trojan worm.  Individuals and especially companies have a lot at risk and simply cannot afford to download malware or ransomware that would lock up all their files.

Reputable software manufacturers want to ensure that their products are free from tampering and the Code Signing SSL Certificate makes alteration impossible. It’s the perfect way to let users know that the software or app is authentic.

The process of creating a Code Signing SSL Certificate

There are multiple steps required in the process of creating the Code Signing SSL Certificate. The process begins with the actual code signing itself. This confirms the identity of the person or company that created the software. The steps are briefly outlined below:

1. The software developer requests a Code Signing SSL Certificate.
2. The identity of the developer is certified.
3. A special Code Signing program is used to attach the SSL certificate to the software as a digital signature.
4. The developer can now send the program out to publishers.
5. Publishers double check to make sure the digital signature is authentic.
6. A time stamp is often entered so that the certificate doesn’t expire.

Conclusion

Once you have a Code Signing SSL Certificate, you can assure users that it’s safe to use and contains no viruses or malware. Big publishers often require these certificates so they can use this as a selling point when reselling the software or app to end users. Many people will not buy a piece of software if it does not have this certificate.

From the word go, the term communication indicates that there is more than one party involved in the conversation. For there to be effective communication, both parties must understand what the other is saying. Communication in business is somewhat different from casual communication, say among friends. In business, the stakes are higher. Much more is involved and there is much more to lose, therefore, it is important that the communication is as effective as possible.

There are certain rules that need to be followed for communication to be effective. These have been summarized as the 7C’s and are believed to guide communication especially in business. The 7C’s of communication is meant to inform people who do not know much about the rules of communication. Below, we discuss the 7C’s of good business communications.

• Conciseness

First of all, communication needs to be concise. Conciseness simply means that you get to the point. Communication in business that does not convey to the other party exactly what the person is saying can be frustrating. It not only wastes time but can also lead to mistakes when the information conveyed is not understood. For this purpose, it is important that the message is conveyed in a concise manner. Of course, don’t be abrupt or rude, but be sure that you make your point. In today’s fast-moving world, business people appreciate it when you say what you mean and don’t leave listeners wondering.

• Completeness

The message communicated needs to be complete. Do not assume that the person you are talking to will fill in the blanks or read between the lines. Ensure that before the conversation comes to an end, the person you are talking to has understood you completely. It is common knowledge that different people react in various ways to information that is presented to them. In addition, each person’s level and speed of understanding varies. Leaving people to complete information for themselves opens up the material being conveyed to misinterpretation. Depending on the level of communication, mistakes that arise as a result of incomplete information being passed can end up being quite costly to the business.

• Clarity

Always remember that clarity is key. Imagine a situation in which you need an employee to make certain purchases for your business. You give the employee the instructions, focusing mainly on the exact items to be purchased, the quantities needed, and the budget. The employee when making the purchases, however, ends up purchasing the wrong items or the wrong quantity. Can you imagine the impact that this would have on your business? This is just one of the reasons why there needs to be clarity on the information being passed. Say exactly what you mean, exactly how you mean it.

• Consideration

Keep in mind, whenever you are communicating with someone else that the other party is a human being with needs, feelings, life experiences, and certain biases. Knowing your audience is important if you are going to communicate effectively. Whether you know your audience or not, however, strive to be thoughtful in all your communications. Consider the other person’s feelings, their beliefs, their culture, and their biases. This can ensure that the message you are conveying is not received in a negative light. If possible, ensure that the message resonates well with your client.

• Correctness

Correctness means that the message you are delivering must be accurate. Do not rely on fake news sources, for example, to inform the information passed. Instead, verify the facts before communicating with others. This will maintain your credibility with the other party and increase their trust in you. Secondly, the correctness of information reduces the chance of misleading information being passed on to others. This, in turn, protects you from liability for misrepresentation. Even large news organizations report incorrect information nowadays. Though this can temporarily improve their ratings, it also tarnishes their reputation. People will always return to the most reliable news source at the end of the day.

• Confidence

First impressions are everything. They matter a lot. First impressions dictate how your audience will receive the piece of information that you are attempting to pass on to them. A good communicator is confident. This inspires confidence in listeners. A poised speaker is more likely to be received in a positive light. Their message will be regarded as important.

• Conversational

Communication that is conversational is important for both parties. Such communication ensures that no one is left out and that, at the end of the day, the ideas of both parties are taken into consideration. Conversational communication prompts both parties to listen well and respond appropriately. It can prevent misunderstandings.

Final thoughts

Good communication is an important part of the business. Business owners who communicate well are often more successful than those who don’t. They’re more respected in the community and more likely to build healthy, long-standing relationships. The art of being a good communicator is something that comes naturally to a few people but it can be taught. And, it’s well worth the time and effort to learn this trait. Especially, if you’re planning on being in business for a long time.