Navy Trains Cyberforces, Eyes Friendly Vulnerabilities
Threats to areas outside of its control may pose the biggest challenge to the sea service.
Sea states are giving way to cyberthreats as the biggest variable affecting U.S. Navy operations. While the Navy is working with the other services and the U.S. Cyber Command to protect and defend its networks, it also is shaping its own cyberforce to deal with digital challenges outside of its normal purview.
These challenges range from hackers penetrating networks belonging to contractors who do business with the Navy all the way to cyber attacks that could wreak catastrophic damage on a national scale. The Navy must train a cyberforce that can work with the other services under an umbrella being built by the U.S. Cyber Command (CYBERCOM), and it must be able to support current maritime and ashore operations while responding to joint or national missions.
“We have to operate the network as a warfighting platform,” declares Vice Adm. Jan E. Tighe, USN, commander, Fleet Cyber Command and commander, 10th Fleet. “We have to be able to measure what that means, in terms of its availability and in terms of its integrity/security.”
That effort is not limited to Navy networking. Adm. Tighe says the biggest cyber challenge facing the Navy is the protection of sensitive but unclassified (SBU) information that resides outside of its networks. This information is important to the Navy and could give an adversary an opportunity to narrow the Navy’s warfighting advantage, but the Navy has no control over it. This SBU data can be found in academia, in the defense industrial base and in research centers that are not protected by the Defense Department’s defense in depth.
Adm. Tighe points out that the Navy depends on industry greatly, and the commercial sector needs this SBU data as well as its own intellectual property to deliver the technologies and capabilities the Navy needs. The Navy could find its military advantage eroded or even countered if that information falls into the hands of potential adversaries. The closing of that warfighting advantage is of particular concern, she offers.
“We never want to send our Navy into a fight that’s fair,” Adm. Tighe declares. “We want an overmatch.”
The Navy learns of an SBU data loss when a commercial firm reports it to the FBI. The Naval Criminal Investigative Service (NCIS) conducts an investigation of what data was lost and to whom, and then the Navy goes into a damage control mode to assess the effect on national security and maritime operations. The admiral emphasizes that the Navy has been proactive about cyberthreats for some time, but its external partners often have forced it into a reactive stance as a result of their own security lapses. Instead of being confined to a “forensic cleanup,” the Navy must be more proactive in ensuring this external SBU data is protected against current and future threats, she says.
Recent headline-making cyber intrusions have increased private sector interest in cybersecurity, the admiral observes. This in turn provides a greater opportunity for Navy cyber to team with the FBI, the NCIS, the Department of Homeland Security and others to work better on information security among its partners. These partners often point out that they do not have the resources to respond even to indications of a potential cyber attack, but the government organizations have the means to investigate suspicious activities and isolate them before damage is done.
“The reason we [the Navy] have the ability to do this is we’ve made conscious decisions as part of warfighting that this is warfighting, and we have to be able to respond to things that might be the beginning of malicious activity on our network and stop it early, before the data is gone or destroyed,” she states. “Several years ago, we focused on being proactive in looking for those indicators so we stop [a cyber attack] in its tracks.”
She continues that the commercial cybersecurity industry has been creating good products that can help determine which malicious cyber activity has been taking place. How the nation implements those products is a matter of choice, and this is an area that needs improvement.
“The Navy has made [cyber] commanders’ business—it’s about your ability to operate … your mission can be interrupted if you have an issue with cybersecurity,” she states. “So, being more proactive is an important lesson we can share with the leaders of academia and industry.”
Two major network architectures underpin naval cyber—the Consolidated Afloat Networks and Enterprise Services (CANES) for seagoing assets and the Next-Generation Enterprise Network (NGEN) for ashore facilities. Adm. Tighe emphasizes, however, that the Navy does not differentiate between the two when it comes to cyber operations. “The cyber domain is global in nature; it is not bound between shore and sea,” she says. “Navy cyber operators are in a space that transcends both sea and shore, so we have to be able to support the Navy’s freedom of action in cyberspace for all missions.”
She allows that the Navy has the capability to view cyberspace globally as well as in a regional context. This allows it to detect and gather security data either from across both enterprises or from local units.
“Cyberspace is a warfighting domain that has to be defended as such and through which we will deliver warfighting effects. We have evolved to treating it like a warfighting platform,” she explains. “I’m going to fight it as the supported commander; I’m in charge of thinking about that platform so that it’s available and secure for the entire Navy and all the missions around the globe that different commanders may be involved in. At the same time, the peace parts of that cyber platform on a daily basis are supporting other operational commanders out there.”
Throughout the Navy, the service requires all its personnel to complete annual training in information assurance. “The risk to our network based on individual users interfacing with that network on a daily basis, without their understanding the risk or the threat that exists in their online behavior, [is] they are basically increasing the attack surface, the opportunity, for adversaries to get into our network and do damage,” Adm. Tighe declares. “The training of all hands is a very important aspect that we are building on.”
The admiral relates that her command has been working with the Naval Education and Training Command and the chief of Naval personnel to create a more expanded and enhanced cyber awareness training for all hands. That should be rolling out over the next 12 months or so, she says.
The Navy’s information dominance corps serves as the font of the service’s cyberwarriors. Adm. Tighe points out that many of the ratings necessary for the force to be successful in cyber are wholly contained within that information dominance corps. Over several years, the training agent has developed within that corps from all over the world. The Navy created a rating in 2005, the CTN rating, that comprises both intelligence and network defense. Both the demand, and the sophistication of the training that must be provided, for these cyberwarriors is growing, she observes.
Training begins in the traditional schoolhouses, but as the different work roles evolve, the Navy is developing specific training for them. Adm. Tighe notes that CYBERCOM, working with the National Security Agency’s (NSA’s) Central Security Service, has created the startup training for the Cyber Mission Force. Over time, that training will move to the services, and the Navy is working with the other services on how to divide up that training to avoid duplication. The services would send their cyberwarriors to each other’s schools, she explains.
In a joint operation with the other services, the Navy would be responsible for operating and defending its own network presence as a baseline, the admiral relates. That role will expand with the evolution of the Cyber Mission Force, as each service is being tasked with building specific teams across the three missions facing this force. Some of those Navy teams might be commanded and controlled by the 10th Fleet or by a combatant commander or by CYBERCOM in a joint operation, she points out. She adds that the Fleet Cyber Command could serve as a CYBERCOM joint force headquarters in which she might be the command and control element of the cyber forces for any combatant command that might be conducting a joint operation.
Among the Navy’s roles for the Cyber Mission Force is to create teams that, if called upon by the president, would defend the nation against cyber attack. This would include attacks on non-Defense Department targets, she notes. These teams would operate under the command and control of the Cyber National Mission Force.
The second aspect of Navy participation in cyber efforts are cyber protection teams. These teams are oriented around different aspects of the Defense Department network, and they would be called upon to protect a network if the Navy were a lead element in a forward deployment.
The third aspect is cyber combat mission forces. They have been created to support the combatant commanders, and in peacetime they are part of the commanders’ deliberate planning process. This force is designed to create warfighting effects that can be integrated into joint plans and used in the event of contingencies, Adm. Tighe offers. “The combat mission force is intended to be available to that combatant commander to be able to deliver cyber operations in support of whatever operation is going on,” she adds.
Several major changes are underway in Navy cyber. In October 2014, the Navy stood up an information dominance forces type commander to generate readiness for the operational commanders. These type commanders will extend throughout all elements of the service, and they are a new entity that would make cyber like the other warfighting domains. Adm. Tighe expects to see material changes and improvements as they focus on force readiness and capabilities, while the cyber command focuses on operating those capabilities.
One ongoing change in Navy cyber, Task Force Cyber Awakening, will generate “fundamental change” in the way Navy cyber approaches its planning, programming, budget and execution process, she says. This applies to defining systems as well as “what ‘good’ looks like as it pertains to cybersecurity” across all systems, not just command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) systems, Adm. Tighe emphasizes. “We will be going into acquisition eyes wide open as it pertains to risk to missions in weapon systems and other non-C4ISR systems,” she adds.
“We are changing our processes and culture to reduce the attack surface [to an adversary], and then [my command is] layering sensors and countermeasures in place to try to prevent known threats from getting into the network as it exists—as well as looking for any kind of anomalous types of activity,” she concludes.
Another part of the admiral’s mission is signals intelligence (SIGINT). A portion of the Navy’s cyber force is focused on SIGINT as a component of the NSA, and it serves the rest of the Navy embedded in tactical platforms and providing support from ashore.
The 10th Fleet also is measuring “its maturity and progress” in delivering warfighting effects in cyberspace, the admiral allows. These measurements will focus on creating those effects for the combatant commanders.
One goal for Navy cyber is to create a shared cyber situational awareness, which Adm. Tighe describes as “an absolutely necessary element” of being able to operate the network as a warfighting platform. Being able to see and understand the network, as well as detect adversaries and bring together information that increases Navy network agility and shifts maneuverability away from adversaries, all are benefits of success in that goal, she offers.