Is the Navy's New Cybersecurity Program Shipshape?
A visionary program may redefine the ability to quickly adapt to cyber combat.
The Navy’s new Combat to Connect in 24 Hours (C2C24) is an ambitious program that has the potential to change naval warfare as we know it.
The program is designed to improve operational efficiency by automating the Navy’s risk management framework (RMF) efforts; providing sailors with near real-time access to critical data; and accelerating the Navy’s ability to deploy new applications in 24 hours rather than the typical 18 months.
Most importantly, C2C24 is using open source technologies and a unique cloud infrastructure to reduce the network attack surface and vulnerabilities. The Navy is standardizing its network infrastructure and data on open source code, and using a combination of shore-based commercial cloud and on-ship “micro cloud” for information access and sharing.
But malicious nation states are continually seeking ways to compromise defense systems—and they tend to be able to react and adjust quickly. As Navy Rear Adm. Danelle Barrett said, “Our adversaries don’t operate on our POM (program objective memorandum) cycle.”
With its ship-to-shore infrastructure, C2C24 could provide an enticing target. To complete its C2C24 mission, the Navy should pay special attention to the final two phases of the RMF: information system authorization and security controls monitoring.
Knowing who, when and where
With C2C24, roughly 80 percent of mission-critical data will be stored on the ship. This will allow personnel to make operational decisions in real time without having to go back to the shore-based cloud to get the information they need at a moment’s notice.
But what if someone were to compromise the onshore cloud environment? Could they then also gain access to the ship’s micro cloud and, by extension, the ship itself?
It’s important for personnel to be notified immediately of a possible problem and be able to pinpoint the source of the issue so that it can be quickly remediated. They need to see precisely what’s happening on the network, whether that activity is happening onshore, onboard the ship or over the Consolidated Afloat Networks and Enterprise Services (CANES) system, which the Navy intends to use to deliver C2C24.
They also need to be able to control and detect who is accessing the network. This can be achieved through controls like single sign-on and access rights management. Security and event management strategies can be used to track suspicious activity and trace it back to Internet protocol addresses, devices and more.
In short, it’s not just about getting tools and information quickly, but about thinking of the entire RMF lifecycle, from end to end. In the beginning, it’s about understanding the type of information being processed, where it’s stored and how it’s transmitted. In the end, it’s about controlling access to that information and monitoring it.
This is particularly important in a shipboard environment, where information means different things to different people. A person managing course corrections will need access to a particular data set, while someone managing weapons targeting may need different data altogether.
Controlling and monitoring the information flow is paramount to making sure that data stays in the right hands. Equally important is ensuring that the data is what is expected, and not misinformation injected into the system by bad actors who have compromised the infrastructure.
Malicious attackers aren’t the only threat.
Security is not the only concern. One of the core goals of C2C24 is to make the Navy’s operations run more efficiently. Information and applications are to be obtained more quickly so that warfighters have what they need sooner.
But different incidents can undermine this effort. A commercial cloud failure or lost satellite connectivity could play havoc with a ship’s ability to receive and send information to and from shore. These issues can compromise commanders’ abilities to make decisions that can affect current and future operations.
Thus, it’s just as important to keep tabs on network performance as it is to check for potentially malicious activity. Commanders must be alerted to network slowdowns or failures immediately. Meanwhile, personnel must have visibility into the source of these issues so they can be quickly rectified and the network can be restored to an operational state.
Fortunately, the fact that the Navy is basing C2C24 on a standardized open source infrastructure makes this easier. It’s simpler to monitor a single set of standardized network ports, for example, than it is to monitor nonstandardized ports and access points. And an open source infrastructure lays the groundwork for any number of monitoring solutions that can provide better visibility and network security.
This standardization, along with its other components, makes C2C24 a visionary program that has the potential to redefine the Navy’s ability to adapt quickly to any situation and significantly improve its security posture. Warfighters will have the right information and applications much faster than before, and data security will be greatly improved—particularly if network monitoring is made an instrumental part of the effort.
Jim Hansen is vice president of products, security and cloud, SolarWinds.