Improving Cybersecurity in the United States Navy Fleet
The United States Navy has been at the forefront of the nation’s battles and wars since the 1700s. The Navy’s Fleet has modernized over the past few centuries, evolving from wooden-hulled sailing vessels to today’s steel-hulled ships, such as aircraft carriers, destroyers, and submarines. The sea was the primary focus among the Navy’s warfighting domains, with kinetic warfare such as launching missiles and dropping bombs against the nation’s adversaries. At the turn of the century, the Navy’s Fleet continued to be modernized by technological advances, and there was a shift in focus toward the established cyberspace domain. Over the last few decades, shipboard systems have improved but have also become reliant on computers and other information systems. Those same systems also became interconnected and connected to the internet via the DoD Information Network (DoDIN), thus exposing ships to a potential cyber war. The same focus that was emphasized in defending ships must also be applied to defending shipboard networks.
Cybersecurity is the protection of information and communication systems to ensure their confidentiality, integrity, availability, authentication, and nonrepudiation. Without adhering to those protections, critical systems may not be available in combat situations. Operating shipboard networks in cyberspace still presents plenty of security challenges. Every ship connected to the DoDIN in the Fleet is at risk. The nation’s adversaries have successfully breached information systems, which has led to stolen classified and sensitive information. Department of Defense (DoD) and Navy networks are attacked daily, and the sophistication of adversarial attacks is always evolving. Disconnecting from the DoDIN is not the answer, as the Navy still needs to be able to operate in cyberspace, but ships must have the training, resources, and access to cutting-edge technology at their disposal to defend their networks against malicious threats.
Upper leadership, such as shipboard Commanding Officers (COs), must set the tone in following DoD and Navy cybersecurity policy. COs must have full buy-in and be directly engaged in the cybersecurity program. Day-to-day operational decisions are often left to lower-level leadership and to the Sailors who are system administrators. Operating shipboard networks requires safe and responsible usage by all command personnel. “The Navy must overcome cultural barriers impeding the full integration of cyber capabilities through communication, training, incentives, enforcement of policies, and effective governance. This effort will focus on increasing awareness of cyber threats and continually improving the cybersecurity practices across the Navy. Successfully affecting culture change across the Navy” (Card, K. & Rogers, M., 2012). A top-down culture from the CO to the most junior Sailor must be established and maintained. Junior Sailors and network users are not absolved. Constant refresher training must be applied throughout the year in addition to the annual cybersecurity online course. The shipboard network security team should come up with a creative and engaging training plan to drive home the importance of cybersecurity even at the lowest level.
Protecting shipboard networks and assuring security operations in cyberspace can understandably be very daunting. There are hundreds of instructions, policies, and directives, even at the Navy level alone, that must be adhered to. The exhaustive amount of policy and guidance can make cybersecurity cumbersome. The Navy has developed some leadership guidance, such as the “Commander’s Cybersecurity Handbook”, to give COs a basic understanding of the minimum requirements for maintaining a cybersecurity program. How many COs have read through this handbook or have even been notified of it? If followed, it could help them understand the Navy’s cybersecurity program expectations. Although cybersecurity is considered a responsibility of all hands, it is the responsibility of COs and other shipboard leaders to ensure shipboard networks and information systems are protected through best practices.
Before COs take command of their prospective ship, they often attend various mandatory training courses before reporting, called Intermediate Stops, such as Naval Justice School. Intermediate Stops provide the necessary tools the CO must be familiar with when taking command. Cybersecurity should be approached the same way. The Navy should include a mandatory one or two-day course of instruction that gives prospective COs the information they need regarding the cybersecurity policy of their networks. The expectations will be set before a prospective CO’s arrival. The COs will know what questions to ask, such as “what is in our cybersecurity policy, how updated is it”, “what is the state of the network”, “does the CO receive daily or weekly reports”, and “when was the last cyber inspection”? The CO’s ability to ask these questions at the outset will certainly begin a culture change in top leadership’s cybersecurity awareness from day one. Some COs are not aware of the importance of cybersecurity until their Cyber Security Inspection and Certification (CSICP) or until a computer incident happens. Cybersecurity should be treated with the same vigor as the Navy Electronic Key Management System (EKMS) program. EKMS clearly assigns COs mandatory authority over their EKMS account. COs are responsible for following reportable and mandatory procedures. Discrepancies in this program can have significant consequences. If this same approach is applied to their command’s cybersecurity program, the level of attention will heighten.
The training and experience of the Sailors who administer and protect shipboard networks remain a key component of effectively operating Navy networks in cyberspace. It requires a highly skilled and trained group of Sailors. The Information Systems Technician (IT) rating is the Navy’s rating that is in charge of these networks. Unfortunately, this is not the only role of the rating. There are three core elements of the rating: telecommunications, network security, and system administration. This does make for a well-rounded IT; however, a high level of detail is required to execute a command’s cybersecurity policy. To improve training, a start would be to break up the IT rating into two branches, telecommunications and system administration, with the latter including network security. Once this is identified, those Sailors will have targeted training, certifications, specific Navy Enlisted Classifications, and refined skillsets in their respective rating branches. An IT with over 17 years of telecommunications experience will not be placed in a system administrator or network security billet, which will eliminate any training curves. ITs with system administrator and network security skills can continue to be invested in and re-invested in over the course of their careers.
Shipboard networks have a computer network defense suite with intrusion detection and vulnerability scanning capabilities. The Host Based Security System (HBSS) provides the ability to detect malicious activities; however, it is very limited in detecting all types of malicious activity, as the adversary is always evolving. There are cutting-edge open source and proprietary tools that can also be used in tandem with HBSS. The Navy has stood up cyber mission teams, such as the Cyber Protection Teams that specialize in defensive cyberspace operations, which have approved tools that could be used in the Fleet. Aircraft Carrier battlegroups have Sailors, specifically those rated Cryptologic Technician (Networks), temporarily assigned to them during deployments with some of those tools and capabilities. This is only on an interim basis. The protection of shipboard networks is required 365/24/7. What happens when a ship is at homeport and not on deployment? How does it immediately respond to real-time malicious cyber attacks? Does it wait for the Cybersecurity Service Provider? If shipboard network security personnel have access to additional defensive tools, many threats can be mitigated at their level.
Cybersecurity is critical to the Navy and all shipboard networks in the Fleet. The DoD and the Navy are under constant attack in cyberspace. “Attacks against DoD networks are relentless, with 30 million known malicious intrusions occurring on DoD networks over a ten-month period in 2015”. A comprehensive policy must be developed and implemented with support from all shipboard stakeholders, starting with COs. There are worldwide conflicts COs must be prepared for at sea and ashore, but all shipboard information systems, whether related to missile defense, engineering, supply, or telecommunications, depend on strong cybersecurity enforcement. Without the proper engagement of information systems security, these systems will not be available to defend against the nation’s adversaries at sea and in cyberspace.
References
- Card, K. & Rogers, M. (2012, November). Navy Cyber Power 2020, p. 12.
- Howard, T. & de Arimateia da Cruz, J. (2017, January). The Cyber Vulnerabilities of the U.S. Navy. https://www.maritime-executive.com/editorials/the-cyber-vulnerability-of-the-us-navy