Navy workforce memo separates cyber from IT
- By Sean Lyngaas
- Mar 04, 2016
The Defense Department has been restructuring its workforce in recent years to adapt to the challenges of its heavy reliance on cyberspace for missions. The Department of the Navy took a significant step on that front in a recent policy memo from Navy Secretary Ray Mabus that differentiates the IT and cybersecurity workforces.
The memo, dated Feb. 10 but released on a public-facing DOD website this week, establishes two workforce categories -- Cyber IT and Cybersecurity -- around which commanders are supposed to build training and credentialing.
A cyber IT professional is defined as someone who builds, operates and maintains IT networks. Those duties include the retirement of legacy systems. A cybersecurity professional, on the other hand, is someone who defends and preserves data, networks and network-centric capabilities. Those duties include the "integration of cybersecurity into all aspects of engineering and acquisition of cyberspace capabilities," the memo states.
The memo does not cover the DON cyber personnel who are allowed to conduct hacking operations on adversaries.
Anyone using DON IT systems is required to complete annual cybersecurity training beforehand, the memo states, and commanders can add more training requirements for their personnel.
Furthermore, the IT and cybersecurity qualification requirements for DON personnel must be put in a matrix and structured by role and specialty. The foundational knowledge required of IT and cybersecurity personnel should cover "operating system and computing environment concepts," according to the memo.
The new policy is data-driven: The status of personnel qualifications will be housed in massive DON databases.
The memo also addresses the so-called insider threat, which DOD officials have taken a keen interest in after the leaks of classified information by former National Security Agency contractor Edward Snowden. Anyone with privileged access to DON systems must adhere to a special agreement, and privileged access should be revoked when it is no longer needed, the memo states.
The instruction applies to all DON installations, including those under the Marine Corps' charge.
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.
Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.
Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.