Cyber Security Success Hinges on Cooperation, Resilience
By NICK ADDE, Seapower Special Correspondent
NATIONAL HARBOR, Md. — As the Navy implements protections against cyber attacks, leaders in each major community have come to understand that success will hinge upon cooperation. Furthermore, there must be realization that there will be attacks, and systems will be penetrated. The focus, therefore, should be on resilience.
Five panelists who are responsible for developing a unified approach to cyber security outlined they visions and challenges they face in fulfilling their mission during an April 4 panel discussion at the Sea-Air-Space Exposition.
Information warfare director Rear Adm. Nancy A. Norton, who moderated the panel, told the audience that the Navy now is shifting its focus toward an organizational approach that would tackle cyber security service-wide, throughout all domains. In past years, she said, time and effort was more focused on working on processes and plans.
“We need to develop a cyber resilience strategy, despite inevitable compromises. We need a comprehensive approach,” Norton said.
Sailors in every Navy community would need to be able to identify and detect cyber attacks, Norton said. They also will be required to react and restore breaches. They will need to protect cyber systems to the fullest extent possible. And they will have to understand that users are going to need to move among different domains — at the very points where systems are most vulnerable.
“In the past, we focused on looking into the inspection process too heavily,” said Brian Marsh, head of communications and networks at Space and Naval Warfare Systems Command.
Success will hinge upon modifying requirements and lessons learned, with the understanding that programs — despite the best-laid plans — “never implement everything perfectly,” Marsh said.
“We have very good control system personnel, and cyber security personnel,” said Robert G. Baker, command information officer for Naval Facilities Engineering Command. “We lack — and need to train — enhanced users — control system personnel who are well-versed in cyber security enough to perform their mission and task.”