Navy tightens cybersecurity training rules

Directive aims to strengthen information assurance workforce and compliance

The Navy secretary has issued a directive calling on the service to establish policy and implement new training to better arm its information assurance workforce for cybersecurity challenges, according to a release from Rob Carey, the Navy Department’s chief information officer.

Because “cyberspace and cybersecurity capabilities are essential to achieve warfighting and business missions across the operational force, expeditionary force, air, surface or undersea domains,” personnel who provide cybersecurity expertise must be able to meet rapidly changing mission areas, the secretary’s instructions said.

According to the orders, Navy and Marine Corps deputy CIOs must ensure their respective information assurance workforces comply with identification, training and certification requirements. High-level Navy officials, such as commanding officers, commanders and civilian agency heads, must develop an implementation plan for information assurance workforce management, and major subordinate commands and high-level information officers are required to establish a chain of command and track and report compliance status.

Under the directive, issued July 8, DOD has established a Dec. 31 deadline to certify 100 percent of the military services’ IA personnel carrying out technical and management functions and 70 percent of personnel involved in computer network defense, architecture and engineering.

“Commanders [and] commanding officers should take immediate action to ensure command cybersecurity/IA billets are identified and the personnel are trained and certified to the required DOD baseline certification per service requirements,” the Navy CIO’s announcement said. The announcement included suggestions for immediate action, among them “team training through the virtual training environment.”

The orders also provide for servicewide supervision of implementation through establishment of an IA Workforce Management, Oversight, and Compliance Council that will take the program lead.

Per the orders, the council will be in charge of these matters:

  • Developing strategies;
  • Ensuring compliance;
  • Reviewing the enterprisewide picture of manpower and requirements and adjusting as necessary to meet the Navy IA mission;
  • Validating training, education and certification standards and competency requirements; and
  • Assisting in career path development.

The Navy acquisition community is required to carry out the IA workforce requirements as well, according to Carey's announcement.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.


Reader comments

Tue, Aug 24, 2010 Tina

Great, another unfunded mandate. I just finished the Security+ certification process. I didn't learn one single thing that will help me do my job better or more securely...and it only cost: 40 hrs (class and exam) + 9 hrs self-study time + cost of class (not sure of amount) + books purchased separately. That comes to a bit under $4500. My OE class and exam probably about the same. Let's not forget the cost of shuffling the huge amounts of paper work now required for training requests. Multiply that by all of the IAWF and that is a huge amount of money with no proof of return on investment. For my location, that is over $5,000,000. Now they are adding all of the IASE/etc workers. I am all for training and increasing knowledge of the workforce. But let's do it smartly and cost effectively.

Thu, Jul 22, 2010 Cyrus

Training IAMs is a small part of the answer.

From first-hand experience, until the Mil Service acquisition community gets serious about building IA into their program deliveries, our adversaries will continue to enter the systems and exfiltrate large volumes of data at will. As it stands now, cost and schedule is the greatest stumbling block to our ability to defend our networks. I'd go so far as to say that our myopic focus on cost and schedule is the greatest enabler of our adversary's successful netops.

Mon, Jul 19, 2010 Don Pensacola

I believe that the Computer Environment/Operating System certification should be part of the professional qualifications and not be included as part of the IA workforce program. Keep the IAWF as that, IA.//

Mon, Jul 19, 2010 ia guy

what if DoDI 8500.2, CJCSI 6510, et al, are horribly off the mark anyway for tactical networking systems? that's been one of the major barriers to progress for the last 8-10 years despite large investments in GiG Systems Engineering teams, NCIDs, GTF, GiG IA Architecture......tactical is different from GiG Core and no one has a reference architecture yet...not one has crystalized the mix of OPERATIONAL and technical knowledge skills/human capital needed to work effectively in this space. the reflexive "we already have rules...no one is following them" mindset misses the more fundamental dilemma.

Fri, Jul 16, 2010 Susan Alders Millington, TN

Cyber Training is all well and good however it does NOTHING if the command IAM is unable to enforce the DoD and DoN as well as the FISMA Information Assurance (IA) requirements within the command's network. The Navy CIO and his subordinates MUST look at things from the deck plate perspective. Commands have NOT structured the Command IAM into a position of authority nor have they empowered them with the authority to ensure the Information Compliance is implemented. In too many commands the IAM is thrown into the IT Operations department with a GS 13 or 14 (CAPT equivalent) over them who does NOT see IA as anything more than a hindrance. Yes, this is a reality at the deck plate level throughout the navy. The Command IAM MUST should be in a separate department/division who answers to the Commanding Officer ONLY. Who also reports to the Commanding Officer ONLY. The Command IAM has a designation letter from the Commanding officer however in most commands that is NOT who the IAM reports to. The IA program required via FISMA (DoD and DON) a Configuration Control Board (CCB) to be established and the IAM MUST be a full active member. In most commands this is either NOT established or they do not meet on a regular (monthly) basis to ensure IT changes are being adhered to IA compliance.
The Deck Plate IA organizational structure is broken and before we can say all is well with the Command IA training program we have to look at the IA infrastructure and ensure we provide the Command IA with the position and authority to ensure ALL IA components are in compliance.
