Readiness of the U.S. Military Means Being Cyber-Ready
As the U.S. military faces even more sophisticated adversaries, the services need to put cyber at the forefront, especially in operations. And as the military works to implement zero-trust architecture by 2027, cyber provisions must evolve beyond traditional information technology (IT) and into operational technology (OT), noted Anne Schumann, principal cyber advisor, Department of the Navy, speaking at AFCEA International’s TechNet Cyber conference in Baltimore, May 7.
To succeed, the U.S. military must have more accountability for cyber, especially in this budget-constrained environment.
For Schumann, who has been in her role of principal cyber advisor for four years, this means establishing cybersecurity as a fourth pillar in the acquisition processes, just after cost, schedule and performance requirements in contracts.
“It is about readiness,” Schumann emphasized. “The readiness of our forces, the readiness of our critical infrastructure, of all of our warfighting platforms, our ships, our submarines, our weapons systems. They are all critical to the next fight, which is already upon us.”
The U.S. Department of Defense's (DOD’s) MOSAIC framework will be a foundation for OT cybersecurity, she continued. This will help apply cybersecurity to operations more broadly.
“On the operational technology side, we need a similar lexicon and level of understanding of what it means to apply zero trust for operational technology,” Schumann noted. “The DOD has been investing in developing the MOSAIC framework for a few years now, and I'm happy to announce that it is finally published.”
The next step would be to obtain feedback from the defense industrial base, and then, after that, the hard work of putting it into operations.
“Like all things zero trust, it's never done,” she said. “It will be a living document. And the framework is just a first piece of the foundation. The next step is actually bringing our weapons systems and our facilities into a secure environment, applying those controls, understanding what a secure enclave looks like for OT.
I think we are at a place now of maturity to talk about cyber together with other non-kinetic effects, and that is really going to be the defining characteristic of any next conflict.
Schumann also noted that it may not be the traditional IT experts who provide “the overwatch” for OT.
“It is probably not the same people that are currently our cybersecurity service providers,” she suggested. “This is a different skill set recognizing and training that are going to be critical to getting where we need to go with OT cybersecurity.”
Schumann also dispelled the notion that cyber warfare was not warfare when compared to kinetic operations, clarifying that cyber warfare, or information warfare, can “break things,” like kinetic weapons can. “I think we are at a place now of maturity to talk about cyber together with other non-kinetic effects, and that is really going to be the defining characteristic of any next conflict.“
Information warfare will make the difference, she noted. “This is how we bring our sailors and Marines home,” Schumann concluded. “This is how the secretary of the Navy signs fewer condolence letters, through investment in non-kinetic effects. I don't know a stronger argument for the importance of the cyber discipline in warfare.”
TechNet Cyber is organized by AFCEA International. SIGNAL Media is the official media of AFCEA International.
