Navy retools cyber policy

Navy Secretary Ray Mabus has made significant additions to the service's cybersecurity policy by requiring the implementation of a layered approach to cyber defense and the establishment of a departmentwide program to tackle insider threats.

Navy organizations, including the Marine Corps, "shall implement a defense-in-depth/defense-in-breadth [cybersecurity] strategy to mitigate information security risks throughout the entire life cycle of a system or network," the memo states. It is dated May 2 but was released publicly this week.

Defense Department officials have long espoused a defense-in-depth approach to cybersecurity that mirrors the multiple barriers an assailant often faces in attacking a government building, for example. Mabus is trying to drive home the point by reminding commanders that they will be accountable for implementing defense-in-depth.

The memo acknowledges the perils of the Navy's far-flung IT footprint by requiring a program to prevent personnel from stealing Navy data. "The [Department of the Navy] shall establish an integrated set of policies and procedures to deter, detect and mitigate insider threats before damage is done to national security, personnel, resources and/or capabilities," the memo states.

The memo also updates acquisition strategy by calling on officials to make sure cybersecurity is considered at every phase of a system's development and implementation.

The memo also rebrands the DON Information Assurance Program as the DON Cybersecurity Program.

The Navy, including its CIO shop, has in recent years released several policy documents aimed at overhauling its approach to cybersecurity. In February, Mabus issued a memo that differentiates the IT and cybersecurity workforces for training purposes. Starting in 2014, the service undertook a comprehensive assessment of its cyber risk through Task Force Cyber Awakening.

Given that there is no shortage of cyber-related policy guidelines to follow, the memo asks officials to report any way the new policy might conflict with existing federal and DOD policies. 

DON CIO Robert Foster issued his own memo this week that instructs DON officials on acquiring cloud computing services. The memo delegates approval authority to the deputy CIOs of the Navy and Marine Corps for the business case analyses officials must complete in order to buy cloud services.

That move is in keeping with DOD CIO Terry Halvorsen's push to decentralize the cloud acquisition process.

About the Author

Sean Lyngaas is a former FCW staff writer.
