In late October, the Department of the Navy announced a strategy that clearly identifies cyberspace as a domain in which warfighting is permitted. The strategy was created in order to more accurately assess the cyber risks present across the service as a response to a high profile breach of its systems last year.
According to FCW contributor Sean Lyngaas, the strategy was created as part of task force cyber awakening, the main purpose of which is to provide leaders with a more comprehensive view of the cybersecurity standing of the service’s multiple components. The task force is a year-long effort to improve protections for hardware and software used by the Navy. According to Matthew Swartz, a member of the department’s senior executive service, Naval commanders are now responsible for cyber and IT activity under the new defense strategy.
Lessons learned from past breaches
The new defense strategy will secure not only business computers, but network capabilities like combat and control systems as well. Last year, the Navy Marine Corps Intranet was massively breached by hackers believed to be from Iran. Officials from the service found cyber awakening to be increasingly necessary as cyberwarfare becomes more sophisticated and the Internet of Things grows to include military devices like ship speakers and even missile launchers. The rising number of connections between systems onboard and those on land is also causing concern for the Department of the Navy.
“It’s not only the interconnectedness of what’s on the ship,” said Swartz in an interview with Defense One. “We’re starting to also evaluate the interconnectedness of our float platforms to the shore to make sure that we have the right connections in place and that we’re providing the right security.”
One of the task force’s major undertakings will be to secure new pieces of apparatus like the Navy’s tactical afloat network while it continues to support applications that operate on outdated Microsoft XP software.
While it may currently take the Navy days or even weeks to assess a given program’s cybersecurity strength, according to Swartz, one of the goals of the new strategy is to reduce this time dramatically. Led by Vice Admiral Ted Branch, the task force is comprised of four subgroups which each cover separate issues such as resiliency and interoperability.
According to Swartz, the project will be completed and it’s work fully implemented by August of 2015 and will serve to create an “enduring capability that [the Navy will] organize around.