The Navy marked the five-year anniversary of its Fleet Cyber Command Wednesday by rolling out a new cyber strategy to carry it through the next five. The plan is organized around five big-picture priorities, each of them accompanied by tasks the service says it needs to complete within the next 18 months. Navy leaders view the 18-month benchmarks as important because they will provide verifiable, measurable markers of whether their evolving cyber capabilities are actually delivering progress in defending service networks from adversaries and turning cyber into a weapon system that can be used by combatant commanders around the world, alongside or in place of bombs or missiles.
And so for a strategic goal labeled “operate the network as a warfighting platform,” the Navy’s measure of progress will be whether it makes it through the next 18 months with no major intrusions into its network.
“Ceding our home territory to an adversary is what we can’t allow to happen,” Vice Adm. Jan Tighe, the commander of Fleet Cyber Command and the Navy’s 10th Fleet told reporters. “We need to decompose all the steps of that and measure how we’re doing. How often are people trying to penetrate our networks? How successful are they? We don’t necessarily have those measures looking back historically so that we can prioritize against the threats that are coming at us and being able to respond with a sense of urgency.”
The Navy does know that it had a significant penetration of its systems by an organized nation state, reportedly Iran, two years ago. Tighe said that incident and the Navy’s massive response to it, called Operation Rolling Tide, has informed just about every major action her command has taken since then. And so far, the service has managed to fend off any similar attack.
Insight by Microsoft and ServiceNow: Experts from the State Department, Defense Logistics Agency and CISA will explore how innovation and security can happen in tandem in this free webinar.
“We have taken a whole lot of steps both operationally and from an investment perspective to prevent that kind of thing from happening, but every day new capabilities are being developed and we’re fighting an unknown threat,” she said. “So the best we can do in this space is respond with a sense of urgency with the resources that we have. As new defensive operational capabilities come into our network, I need to be able to demonstrate that those investments are providing a return. We have to be able to baseline how much quicker we can address an alert coming off of our network.”
The new strategy also aims to continue to transition cyber from a communication tool that supports traditional military operations to an option commanders can turn to deliver “effects” of its own on the battlefield. The strategy calls for the drafting of a guidebook for commanders, written in plain English, to describe the offensive cyber capabilities the service already has and how cyber might be a tool at their disposal to meet their missions.
“When we built the Cyber Mission Force, we acknowledged that combatant commanders are the ones who have needs for combat capability,” she said. “They drive what we create so that they can employ them as an operational plan. Maybe we don’t have a specific kinetic weapon for what they want to achieve, so they can try a non-kinetic option. The point is we are creating capability that fits into warfighting plans, not just because we can or it sounds like a good idea. Cyber might fill a gap that a commander has, or it might be the only capability that we use in a given operation.”
Integrating cyber into maritime operations centers
Tighe said Fleet Cyber Command also wants to fully integrate cyber into the maritime operations centers at the core of the Navy’s day to day operations — just as it’s already done for electronic warfare and signals intelligence. The overarching message, she says, is that cyber is not the sole province of the Navy’s cyber command.
“What happens if you’re the 6th Fleet commander performing your mission in the Mediterranean and you have an intrusion? How do we work together? All the other operational commanders’ missions ride atop the capability that we bring, and all of the decisions I have to make to defend the network affect and maybe restrict their ability to carry out their missions,” she said. “We have to make decisions together, because an intrusion into their networks could affect every other commander. You can’t just optimize on one platform, which makes it a much more complicated fight.”
There too, Tighe said the Navy is incorporating lessons from Operation Rolling Tide — the first time it had to make major and sudden changes to its IT systems in order to expel foreign hackers. Since many of those changes had implications for how the Navy does business and commands and controls its forces, they had to be coordinated with commanders. The new strategy takes as a given that the Navy’s operational commanders will need to be consulted before cyber command makes defensive changes to the network.
“They have to have the ability to say, ‘I can accept those changes in the following 100 areas. In these 10 areas, I can’t, so let’s figure out a way to mitigate the risk,'” she said. “You can’t shut down the Navy in order to defend the network, because that’s potentially worse than what the adversary was going to do. We have to work that cooperatively. We can’t defend the network just so that we have a network. Those kinds of ideas that we worked through in Operation Rolling Tide have permeated all of our exercises, and we’re creating new ones because of it.”
The strategy also emphasizes workforce development. The Navy is responsible for creating 40 of the 133 teams that will eventually make up U.S. Cyber Command’s Cyber Mission Force. For that service, most of the training will be handled by another organization, Navy Information Dominance Forces, the Navy’s new type command for cyber.
But Tighe said the new strategy requires her command to clearly communicate the skills the Navy needs from its workforce.
“I have a responsibility to send the demand signal as clearly as possible to the people who are responsible for creating the recruiting strategies,” she said. “And we know there are different types of aptitude. Some people are comfortable as technology users, and some people are comfortable and curious about how far they can take this. Those are the people we want to slot into the higher-end areas,” she said. “We have a defense language aptitude battery that helps us figure out who’s going to be good at languages. Where’s our aptitude test for cyber? People are working on this, because we need to be able to identify people with complex analytical skills who are also comfortable enough with technology to be successful, interested and excited about the work. So it’s a total force plan when it comes to the workforce build, meaning active, reserve and civilians.”