A 'full spectrum attack' could overwhelm America's defenses, expert warns.
The Navy faces a broad challenge in cyberspace, with a mission that spans land and sea. (Photo from Navy Cyber Forces)
Editor's note: This story was modified after it's publication to correct a misattribution.
Like the other armed services, the Navy is undergoing an operational transformation of sorts to accommodate cyberspace as the newest military domain. But unlike the others, the Navy must cover land and sea, its networks scattered across oceans and continents.
Navy and Coast Guard officials said April 9 at the Sea-Air-Space conference in Maryland that they are learning as they go, through experience and through partnerships and collaboration with the other services and with industry. Integrating those lessons into conventional operations has not necessarily been easy, but progress is being made, according to military leadership and private sector partners enlisted to help.
"We've learned a lot in the last couple years about the taxonomy...and using cyberspace to our advantage," said Rear Adm. Michael Hewitt, deputy director of the special programs cross-functional team at the Joint Staff. "There are traditional kinetic and non-kinetic ways to disadvantage the enemy that don’t require cyber activity...we're looking at traditional military capability and how we can repurpose those and apply them to a non-kinetic environment."
As is the case in many agencies, leaders in the DOD cyber realm are feeling the pressure that comes with a fast-moving threat that is up against sluggish policymaking. As a result, critical networks remain at risk, panel members noted.
Lou Von Thaer, president and corporate vice president at General Dynamics AIS, revealed that teams assembled to test DOD network security were able to break in at alarming rates.
"Our DOD cyber red teams, using only tools downloaded from the Internet, have been very successful in [penetrating DOD networks]," Von Thaer said. "Our study came to the conclusion that the United States should have no confidence that its military systems would work today under a full-spectrum attack with a sophisticated and well-resourced adversary."
As a result of those findings, he said, the team made recommendations to DOD leadership to improve security. They included a three-prong strategy that involves identifying the most high-end threats and ways to deter or prevent attacks from them; minimize impacts of low- and medium-end attacks through incremental defenses such as systems for intrusion detection and situational awareness; and preparing for high-end attacks by focusing on intelligence, understanding adversaries' intentions and continuing to build up cyber capabilities.
Those findings and subsequent counsel are not falling on deaf ears in the defense community, where such efforts are under way to provide troops and commanders in the field with cyber capabilities that are on par with those of the more traditional kind, panelists said.
"If we think we're going to do cyber offense in the closet somewhere, we've totally missed the boat on this thing," said Vice Adm. Michael Rogers, commander of U.S. Fleet Cyber Command and the 10th Fleet. "We need to be able to integrate the desired effects we're going to achieve into a commander's options and we need the commander to make the decision enlisting the best tools, with the authorities to do it."
Rogers was optimistic that the Navy is on its way there, stating that he is receiving no pushback on those efforts.
"Clearly at the moment there are some limitations on what we can do, but we are still early in the cyber generation," Rogers said. "The positive side is we have a vision of where we want to go."
That optimism was shared across the panel, where information-sharing and collaboration were uniformly noted as top priorities moving forward, including in protecting critical infrastructure.
"We're starting to see the benefits of the things we're learning jointly...we're starting to see more information each and every day that is helping us defend our networks," said Rear Adm. Robert Day, Coast Guard deputy CIO. "We're leveraging already-existing, long-standing relationships we've had with our maritime partners. We don't have to reinvent the wheel. We can use what's out there."