The Department of Navy’s Cyber Command is finalizing a new strategy as part of its five-year anniversary. That new document outlines the concept of integrating cyber into the broader warfighter domain.
The first of the DoN’s five tenets outlined in the forthcoming strategy is to operate the network as a warfighting platform.
This is a distinctly different approach to cyber than the Navy and, for that matter the Defense Department, has taken before.
“This platform, this set of environments is directly relevant to the ability of the U.S. Navy and in a larger sense, the joint force, to accomplish the missions that it may need to accomplish to meet national aims,” said Kevin Cooley, the executive director and chief information officer for the Navy’s U.S. Fleet Cyber Command, after a panel discussion at the C4SIR and Networks conference in Arlington, Virginia. “I’ve been working in the DoN for nearly 10 years and the degree of attention, the degree of interest, the nature of the dialogue across the U.S. Navy at the flag rank, at the senior executive rank, all across the force is dramatically different than it was 8 or 10 years ago. We are seeing the response to this in the way we program, where money is placed on programs, so we see shifts there. We see shifts in terms of how people are spending their time. Flag officers from the four-star rank all the way down are spending a significant amount of time looking at this issue and thinking very, very seriously and deeply about how to effectively integrate warfare in cyberspace with warfare in traditional domains in a way that maximizes capabilities, effectively manages risks in the most economical way possible.”
It’s not just the Navy. The Defense Information Systems Agency (DISA) also is starting to consider how the Joint Regional Security Stacks (JRSS) can be operationalized as a weapons system instead of just a back-office function.
DISA is starting to talk about how to create cyber sovereignty through the JRSS. Gen. Ronnie Hawkins, the DISA director, said the JRSS is a game changer for how DoD will do command and control going forward.
“When you start looking at the command and control and the capabilities that we are going to put at the combatant commander’s fingertips, not necessarily at the signal, communicator, cyber fingertips, we are getting ready to change the way we work,” he said. “In fact within DISA, within the joint force headquarters, we are even training differently. What I’d like to submit from a perspective with industry and the industry partners that bring the JRSS together because it is not one industry component that is doing that, it is multiple industry components. I would tell you that we have to get it to where we treat the JRSS as a weapons system and we are operationalizing that within DISA and within the Department of Defense.”
Shrink the attack surface
While DISA and others in DoD continue to contemplate the operationalization of cyber, the Navy strategy expands on the concept.
Cooley said plans came out of an effort that looked at how the Fleet Cyber Command relates to the joint community at large and how it has matured over the last four years.
He said operating the network as a warfighter platform means the Navy has to have assured command and control across all of those networks.
Cooley said to get better network assurance the Navy must reduce its attack surface.
“This involves everything from ensuring compliance to combating routine attack vectors like spear phishing to making sure we have an effective way of applying remediations for malware in the form of patching or new versions of software,” he said.
Cooley said applying defense in-depth tools and processes that balance capabilities and costs, and ensuring cyber is marbled throughout the financial, acquisition and budgeting processes also is a part of this cyber in the warfighter domain concept.
It also means ensuring the Navy has the ability to use cyber in much the same way it would use kinetic weapons.
Cooley said if the Navy or any service would need to disrupt an enemy’s supply chain, they could bomb the airport runway, mine a port so ships can’t dock, or they could conduct a cyber attack to take out power or water or other critical infrastructure. That’s how the Navy is integrating cyber into all domains of warfighting and not just making it a separate domain.
The second goal of the strategy is for the Navy to conduct tailored signal intelligence to focus on specific network tools to help collectors or analysts do their jobs.
The third goal is to conduct offensive operations in cyberspace. Cooley said the DoN has to find the right balance between defensive operations as part of operating their networks and conducting offensive operations under the authorities that come from the U.S. Cyber Command.
Lacking situational awareness
The Navy specifically highlighted the fourth and fifth tenets instead of folding them into the previous three because of their importance.
“The first one is shared cyber situational awareness. You can make an argument that it’s part of operating the network as a warfighting platform, that it’s part of assured command and control, but we feel like the lack of capability there is so significant and the operational relevance of that capability is so significant that we are actually calling that out as a specific goal in the plan,” Cooley said. “And then lastly, establishing the Navy’s cyber mission forces. There are 40 teams that are being established across the nation [for all of DoD]. Those are the folks that are going to go out and do the nation’s bidding in this warfare domain.”
The final strategy will be made public when it’s ready, which should come early this summer, Cooley added.
DISA’s Hawkins said DoD’s implementation and use of the JRSS will give this idea of operationalizing cyber a big lift.
He said the JRSS is making progress. The Army is first to move to this new security architecture, and the Air Force is close behind. The Navy and the Marines Corps will come along when JRSS reaches version 2.0.
Hawkins said an important part of making cyber part of the warfighter domain is for the JRSS to move out of testing labs and into a cyber range.
Similar to a firing range where the military tests guns or weapons, a cyber range tests capabilities, both offensive and defensive, in specific settings that servicemen and women could face in the real world so they can learn what to do and what not to do.
Cooley said ranges help assess the human and technical components of cyber skills and capabilities.
Currently, DISA runs a cyber test range for the Marine Corps.
“We are building it out. We did fund it internally in the Marine Corps to build out the tier 2 and tier 3 levels. The tier 1 is nearly done,” said Gen. Kevin Nally, the CIO of the Marine Corps. “All the services — the Army, the Navy, the Air Force and to include us, the Marine Corps — are all using cyber range. It’s busy every day. The personnel in there are activity engaged.
We’re using it in exercises within the Marine Corps. We are using it virtually as part of our 0689, which is our cybersecurity technicians course out in Twentynine Palms, as a capstone event. We are using the cybersecurity range as well.”
Hawkins said, by having the JRSS in a range, it also will let the operators move to a higher level of readiness when their skills are needed due to a cyber attack. The U.S. Cyber Command can call on them and they will be better positioned to defend against and attack a cyber adversary.