NMCI to shore up security

Some Navy networks have virtually no protection from cyberattacks, according to the officer who spearheads the Navy's efforts to assess network security.

Such vulnerabilities have resulted in 40 instances of root access to Navy systems this year, including some that took days to detect, said Capt. Jim Newman, who leads the Navy's "Red Team," the group of 20 sailors and civilian personnel who attempt to break network defenses.

Newman said the Navy Marine Corps Intranet has proven to be much more secure and offers some inherent security advantages.

So far this year, the Navy has tracked some 16,000 incidents where somebody attempted to enter a Navy system. Of those, about 400 were considered significant attempts to obtain root access — the level at which someone can access the network's functions. Of those attempts, about 40 succeeded in gaining root access, Newman said during a Nov. 13 press briefing.

Navy officials acknowledged that although some of the service's networks are well-protected — especially those used at sea for warfighting — some of the shore networks have little or no protection.

In a typical test of the Navy's existing shore-based networks, the Red Team can find 40,000 to 150,000 vulnerabilities in a network of about 8,000 machines, Newman said.

During the past two years, the Navy has been hardening the most critical systems, he said, and the service has developed a multilevel defensive system where an intruder might be able to access less-sensitive systems but would be barred from more critical data.

Meanwhile, the Navy has started rolling out the $6.9 billion NMCI, which Newman said will enhance the service's network security stature. "On the shore side, NMCI is building a defensible network structure," he said.

During a recent similar test of the NMCI network operations centers, the Red Team found no vulnerabilities. "That is NMCI," Newman said.

In part, NMCI will streamline the Navy's network functions by centralizing management of the Navy's network. Currently, the scores of Navy networks are operated independently, Newman said, and they often have different security policies and standards. Without standardization, adding applications or updating software can create security vulnerabilities, he said.

NMCI also will provide users with training about the importance of security and their role in securing the network, Newman said, something that has not existed previously.

The centralized network also will enable the best-trained personnel to work on the overall network.

Among the NMCI service-level agreements are security standards that include defeating Red Team attacks on the system, said Garnet Smith, a project manager with the Space and Naval Warfare Systems Command.

NMCI has just started to be rolled out across the Navy. The first 550 seats were recently rolled out at the Naval Air Facility, Washington, D.C.

About the Author

Christopher J. Dorobek is the co-anchor of Federal News Radio’s afternoon drive program, The Daily Debrief with Chris Dorobek and Amy Morris, and the founder, publisher and editor of the DorobekInsider.com, a leading blog for the Federal IT community.

Dorobek joined Federal News Radio in 2008 with 16 years of experience covering government issues with an emphasis on government information technology. Prior to joining Federal News Radio, Dorobek was editor-in-chief of Federal Computer Week, the leading news magazine for government IT decision-makers and the flagship of the 1105 Government Information Group portfolio of publications. As editor-in-chief, Dorobek served as a member of the senior leadership team at 1105 Government Information Group, providing daily editorial direction and management for FCW magazine, FCW.com, Government Health IT and its other editorial products.

Dorobek joined FCW in 2001 as a senior reporter and assumed increasing responsibilities, becoming managing editor and executive editor before being named editor-in-chief in 2006. Prior to joining FCW, Dorobek was a technology reporter at PlanetGov.com, one of the first online community centers for current and former government employees. He also spent five years at Government Computer News, another leading industry publication, covering a variety of federal IT-related issues.

Dorobek is a frequent speaker on issues involving the government IT industry, and has appeared as a frequent contributor to NewsChannel 8’s Federal News Today program. He began his career as a reporter at the Foster’s Daily Democrat, a daily newspaper in Dover, N.H. He is a graduate of the University of Southern California. He lives in Washington, DC.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected