US Navy outlines cyber-security strategy

Navy Chief Information Officer Robert Carey has outlined several possible approaches to improving cyber-security within the sea branch of the US armed forces.

According to Carey, industry, academia, military, civilians and contractors must work as a team towards a “singular” purpose: to operate and defend the Department’s networks against attack, while enabling access to information for those who require it.

“Defenders [must be] trained as attackers. While I know this is done in small pockets, it has yet to become doctrine throughout the Department,” he explained in an official blog post.

“We need to ensure that our network defenders possess the same skills and knowledge as our attackers. Our goal should be to break down the barriers between the defenders and the red teams. After all, we are all on the same team.”

However, Carey acknowledged that a multi-pronged approach was necessary – as “no one tool” was capable of “carrying” the day.

“[Indeed], different proprietary tools produce non-interoperable solutions, which produce exploitable gaps in our defenses. 

“[As such], the Department’s tools must be smartly integrated into a defensive suite, using automation where appropriate so that we can, in fact, defend at Internet speeds.”

Carey also noted that Secretary Gates’ direction to consolidate information technology infrastructure was “spot on.” 

“The DON Naval Network Environment strategy is our path to that end state. Across the Department’s four major domains (afloat, ashore (garrison), ashore (OCONUS) and tactical), the basic network architecture is the same – IP-based communications.

“[Sure], there may be radio frequency links or fiber optics involved, but the majority of TCP/IP packets must be able to move freely around the world. That being said, our infrastructure stovepipes must be opened and secured appropriately.”

He added that “many” lower echelon commands were operating independently from mainstream networks, but emphasized that future budgets would no longer support such a model.

“Fortunately, the other MILDEP CIOs, LTG Jeff Sorenson of the Department of the Army, and LTG Bill Lord of the Department of the Air Force, understand the importance of sharing the resources that are necessary to succeed. When it comes to cybersecurity, teamwork wins the day.”