Navy's Cyber Strategy: Transforming Technology
The new Department of the Navy Cyber Strategy, published in November, orders the service to rethink its technology. This is the service's first version of the cyber strategy and uses the National Defense Strategy (NDA) as well as the Department of Defense Cyber Strategy as precedents.
The document establishes seven lines of effort:
- Improve and support the cyber workforce
- Shift from compliance to cyber readiness
- Defend enterprise information technology, data and networks
- Secure defense, critical infrastructure and weapon systems
- Conduct and facilitate cyber operations
- Partner to secure the defense industrial base
- Foster cooperation and collaboration
“We are focused on aggressively enhancing our cyber enterprise while fostering cooperation and collaboration with our allies and partners,” said Carlos Del Toro, secretary of the Navy.
The first line of effort, dealing with personnel, is in accordance with the NDA and the material produced by the Department of Defense and other agencies that need top talent.
The second line, shifting to cyber readiness, has caught the attention of industry.
“We have to be ready for anything at a moment's notice and the whole idea of compliance checklists can actually create an insecure system for the Navy,” said Joel Krooswyk, federal chief technology officer at GitLab.
The document also pushes for more security from the start.
“For new systems, the [Department of the Navy] will integrate cybersecurity into the earliest stages of development through design and systems engineering processes that make cybersecurity an integrated element of acquisition instead of a separate effort,” stated the document.
For system protection, full zero trust and identity, credential, and access management (ICAM) are required.
We are focused on aggressively enhancing our cyber enterprise.
Keeping up with increasing system precautions could lead to slower innovation, and the Navy is taking this into account.
“Don't work compliance, but what we can do is automate a lot of those components and simplify compliance so that we can focus on the innovation, and we can focus on the rapid pivots required with [artificial intelligence]-level threats coming in,” Krooswyk told SIGNAL Media in an interview.
While the strategy sees an active role for industry, it also demands in-house systems be improved.
“Internal capability development requires robust and sustained investments to effectively transition the most promising capabilities from research and development into the hands of operators that support that,” the document stated.
Additionally, the document requires the Navy to improve cyber training infrastructure.
“The Department of the Navy must concurrently modernize our infrastructure, innovate rapidly, defend our information, secure our systems, survive adversary cyberattacks, and present forces and capabilities to strike in and through cyberspace,” the document concluded.