Cybersecurity

Navy workforce memo separates cyber from IT

Image copyright to the Navy: Sailors man the bridge helm station to the Arleigh Burke-class guided-missile destroyer USS Mustin (DDG 89) during a replenishment-at-sea.

The Defense Department has been restructuring its workforce in recent years to adapt to the challenges of its heavy reliance on cyberspace for missions. The Department of the Navy took a significant step on that front in a recent policy memo from Navy Secretary Ray Mabus that differentiates the IT and cybersecurity workforces.

The memo, dated Feb. 10 but released on a public-facing DOD website this week, establishes two workforce categories -- Cyber IT and Cybersecurity -- around which commanders are supposed to build training and credentialing.

A cyber IT professional is defined as someone who builds, operates and maintains IT networks. Those duties include the retirement of legacy systems. A cybersecurity professional, on the other hand, is someone who defends and preserves data, networks and network-centric capabilities. Those duties include the "integration of cybersecurity into all aspects of engineering and acquisition of cyberspace capabilities," the memo states.

The memo does not cover the DON cyber personnel who are allowed to conduct hacking operations on adversaries.

Anyone using DON IT systems is required to complete annual cybersecurity training beforehand, the memo states, and commanders can add more training requirements for their personnel.

Furthermore, the IT and cybersecurity qualification requirements for DON personnel must be put in a matrix and structured by role and specialty. The foundational knowledge required of IT and cybersecurity personnel should cover "operating system and computing environment concepts," according to the memo.

The new policy is data-driven: The status of personnel qualifications will be housed in massive DON databases.

The memo also addresses the so-called insider threat, which DOD officials have taken a keen interest in after the leaks of classified information by former National Security Agency contractor Edward Snowden. Anyone with privileged access to DON systems must adhere to a special agreement, and privileged access should be revoked when it is no longer needed, the memo states.

The instruction applies to all DON installations, including those under the Marine Corps' charge.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected