Gunny's Job Board

Category Archives: cybersafe

Enhancing Cyber Protection While Increasing Resiliency

From the Office of the Deputy Chief of Naval Operations for Information Warfare (N2N6)

“…we’re in the cyber fight 24/7, 365 days a year, and our foes in that fight are sophisticated, and technologically advanced, and they are very well resourced, and they are focused on penetrating our systems.”
– Adm. John Richardson
Chief of Naval Operations

Any electronic device that stores or processes data is at risk of being compromised, regardless of whether or not it’s connected to the internet, and Navy networks go far beyond the desktop computers, laptops and handheld devices we use every day. They include hull, mechanical and electrical systems; systems that control steering and power; weapons and navigation systems; and aviation systems. Because some of our industry partners store and process sensitive data, we must also consider the security of their networks to fully protect our assets.

Prevention is of course the first line of defense: cyber warriors add layers of sensors and countermeasures to make attacks more difficult, and they segment the network to contain damage. While the hope is to avoid conflict altogether, attacks on our networks have proven inevitable, so in the same way that a ship is designed to withstand a potential kinetic attack, and crews are trained to mitigate and control damage, the Navy has designed its networks and systems to be resilient. Resiliency allows Sailors, systems and platforms to “fight through” – just as they would if a ship’s hull was breached or steering was lost – in the event that an adversary were to penetrate our cyber defenses. Like the damage control teams on a ship, our cybersecurity workforce is able to detect compromises, determine what has been harmed, isolate the damage, make repairs, and implement work-arounds so the mission continues uninterrupted.

Sailors stand watch in the Fleet Operations Center at the headquarters of U.S. Fleet Cyber Command/U.S. 10th Fleet (FCC/C10F) at Fort George G. Meade, Maryland. Since its establishment, FCC/C10F has grown into an operational force composed of more than 14,000 active and Reserve Sailors and civilians organized into 28 active commands, 40 Cyber Mission Force units and 26 reserve commands around the globe. (U.S. Navy photo by Mass Communication Specialist 1st Class Samuel Souvannason/Released)

The lines of effort for this strategy include identifying what needs to be protected and conducting risk assessments; protecting or hardening systems and networks; detecting anomalous behavior that might represent an attack; reacting to compromises or potential compromises by containing the breach and mitigating damage; and restoring basic functions in an effort to return to normal operations. All of these lines of effort are supported by recruiting and retaining top talent within the Navy’s cybersecurity workforce, and training users on best practices and data protection.

The Navy has made significant investments in each of these areas, and is executing plans in support of cyber resilience across the force. Examples include transitioning to the Risk Management Framework for assessing and managing systems’ cybersecurity risk, which can be used to “bake in” cybersecurity during systems development instead of being “bolted on” later. The Risk Management Framework also requires continuous monitoring, which helps the Navy maintain secure systems throughout their lifecycles.

The Navy also continues to identify and harden critical components through the CYBERSAFE Program, which was modeled after SUBSAFE, the rigorous submarine safety program instituted after the loss of USS Thresher in 1963. Like the submarine program, CYBERSAFE seeks to harden defenses before, during and after systems and their components are fielded to ensure they can better withstand attacks.

 A bow view of the nuclear submarine USS Thresher (SSN 593), July 24, 1961. (U.S. Navy photo/Released)

In response to sustained malicious attempts to access Navy data, the Department of the Navy published guidance to increase the accountability of contractors and subcontractors responsible for handling our data. This guidance gives the Navy more visibility into contractor networks, increases contractors’ security requirements, and significantly shortens the time for contractors to report compromises.

And as the Navy moves software and data from local computers and Navy-owned data centers to the cloud, it is taking steps to ensure cybersecurity is not compromised in the process.

To implement these reforms and maintain readiness in the cyber domain, the Navy needs its best and brightest at the helm. The department is acting with urgency to recruit and retain top talent in the workforce by leveraging Direct Hiring Authority for civilian cybersecurity personnel, offering incentive pay and direct commissions to civilian personnel with advanced cybersecurity expertise, and expanding the Cyber Warrant Program to incentivize Sailors.

Improving the Navy’s cyber resilience is an operational imperative requiring sustained effort and significant investments, and with the help of our entire Navy team, we will continue to meet the many complex and evolving threats posed by adversaries in the cyber domain.

Over the next two weeks, we’ll describe how you can contribute to the Navy’s cyber fight, and what steps you can take to protect yourself online – at work and at home.

http://navylive.dodlive.mil/2018/10/15/enhancing-cyber-protection-while-increasing-resiliency/ U.S. Navy

The Navy’s Cybersecurity Focus

From the Office of the Deputy Chief of Naval Operations for Information Warfare (N2N6)

Testifying before the Senate Armed Services Committee this year, Vice Adm. Michael Gilday, commander of U.S. Fleet Cyber Command / U.S. 10th Fleet, stated, “U.S. Navy freedom of action in cyberspace is necessary for all missions that our nation expects us to be capable of carrying out including wars, deterring aggression and maintaining freedom of the seas.”

Cybersecurity is a priority for the Navy, not only during Cybersecurity Awareness Month, but every month of the year because it enables the freedom of action in cyberspace described by Gilday.

The systems and networks the Navy must protect, its “cyber platform,” are complex and daunting in size. More than 500,000 computers are connected to our networks, but the cyber platform also includes ships’ hull, mechanical and electrical systems – such as those that control steering and power – weapons and navigation systems, aviation systems, and control systems, the technology controlling physical devices on bases and facilities.

With today’s rapidly evolving threats, ensuring complete security is impossible. Instead of attempting to address every possible weakness in our cyber defenses, we are executing a cyber resilience strategy that will enable us to “fight through” the inevitable compromises.

Cyber resilience is like shipboard damage control. If a ship is hit, the crew quickly determines what has been damaged, isolates the damage, makes repairs, implements work-arounds and continues fighting.

An information graphic depicting the dangers of cyber attacks. (U.S. Navy graphic/Released)

The Navy’s strategy for cyber resilience includes making significant investments in people, processes and technology to: account for what needs to be protected (Identify), harden the Navy’s cyber platform (Protect), identify anomalous behavior (Detect), respond to compromises (React) and restore normal operations (Restore). The strategy also includes investments and initiatives for the Cyberspace Workforce (Foundational).

We are executing the cyber resilience strategy across the entire force – afloat, undersea, aloft, ashore, command, control, communications, computer and intelligence-space, Military Sealift Command and fleet. Plans supporting the strategy include core tasks that are common across the Navy as well as domain-specific tasks. Included in the plans are Department of Defense and Congressionally mandated tasks such as the migration to a more secure way of logging onto computers and the assessment of weapons systems and control systems for vulnerabilities.

The priority placed on cybersecurity by the Navy is evident from the level of senior leadership involvement in this critically important issue. The Navy’s Cybersecurity Executive Committee is co-chaired by the vice chief of naval operations and the Assistant Secretary of Defense for Research, Development and Acquisition. The executive committee provides cybersecurity oversight and conducts progress reviews of Navy cybersecurity initiatives, including progress on each domain’s cyber resilience plans.

We have made significant investments to improve our cyber situational awareness across all domains.

We are protecting our networks and systems with a defense-in-depth approach that layers sensors and countermeasures to increase the difficulty of attacks and segments the network to keep adversaries from moving laterally in the network. This type of architecture also allows compromised systems to be isolated so damage can be contained during recovery operations.

A bow view of the nuclear submarine USS Thresher (SSN 593), July 24, 1961. (U.S. Navy photo/Released)

The Navy also continues to identify and harden mission critical systems through the CYBERSAFE Program. CYBERSAFE is modeled after SUBSAFE, which is the rigorous submarine safety program begun after the loss of USS Thresher (SSN 593) in 1963. Like the submarine program, CYBERSAFE will harden a critical subset of warfighting components, which could be certain systems or parts of the network. CYBERSAFE will apply more stringent requirements to these components before and after fielding to ensure they can better withstand attempted compromises. CYBERSAFE will also require changes in crew training and procedures.

In addition to devoting time and resources to mitigating current cyber threats, we are also preparing for future threats by mandating that cybersecurity be addressed during the development of new systems. One of the ways program managers are meeting this requirement is by applying Navy cybersecurity technical standards throughout the lifecycle of the various systems.

Gilday’s comment before Congress that “we believe our people…can make the network stronger” explains the emphasis the Navy has placed on providing cyber and cybersecurity training for its personnel. Because our entire Navy needs cyber training but not everyone requires the same level of instruction, we have developed tailored cyber training for our cyberspace workforce, leaders, users and enhanced users.

  • For the cyberspace workforce, the Navy is providing training that enables them to manage, defend and attack information technology.
  • Cyber training is also being delivered to an increasing number of officers by integrating that training into their professional military education, as well as their undergraduate and graduate curriculum. The Navy has also begun to address the need to integrate cyber training in other leadership development courses.
  • All Navy personnel are required to complete online cybersecurity awareness training upon hiring or accession, with an annual refresher.
  • As part of this effort, systems and operational commands have identified enhanced users who require specialized cybersecurity training based on the roles they perform. For example, certain engineers at the systems commands will receive cybersecurity training so they are able to build better defended networks and systems. Some of this training is already underway.

Our cyber resilience strategy is well suited for today’s rapidly changing threats. There is certainly more work to be done to fully implement cybersecurity and change the culture across the force. As Chief of Naval Operations Adm. John Richardson reminds us, “It’s not just in October, we’re in the cyber fight 24/7, 365 days a year…cybersecurity is an all hands, all the time effort. Let’s get after it.”

October is Cybersecurity Awareness Month, but cybersecurity is a 24/7, 365 all-hands effort. Watch the video to learn more:

Posted by Chief of Naval Operations Adm. John Richardson on Monday, October 2, 2017

http://navylive.dodlive.mil/2017/10/18/the-navys-cybersecurity-focus/ U.S. Navy