Defense

Navy retools cyber policy

Navy personnel IT

Navy Secretary Ray Mabus has made significant additions to the service's cybersecurity policy by requiring the implementation of a layered approach to cyber defense and the establishment of a departmentwide program to tackle insider threats.

Navy organizations, including the Marine Corps, "shall implement a defense-in-depth/defense-in-breadth [cybersecurity] strategy to mitigate information security risks throughout the entire life cycle of a system or network," the memo states. It is dated May 2 but was released publicly this week.

Defense Department officials have long espoused a defense-in-depth approach to cybersecurity that mirrors the multiple barriers an assailant often faces in attacking a government building, for example. Mabus is trying to drive home the point by reminding commanders that they will be accountable for implementing defense-in-depth.

The memo acknowledges the perils of the Navy's far-flung IT footprint by requiring a program to prevent personnel from stealing Navy data. "The [Department of the Navy] shall establish an integrated set of policies and procedures to deter, detect and mitigate insider threats before damage is done to national security, personnel, resources and/or capabilities," the memo states.

The memo also updates acquisition strategy by calling on officials to make sure cybersecurity is considered at every phase of a system's development and implementation.

The memo also rebrands the DON Information Assurance Program as the DON Cybersecurity Program.

The Navy, including its CIO shop, has in recent years released several policy documents aimed at overhauling its approach to cybersecurity. In February, Mabus issued a memo that differentiates the IT and cybersecurity workforces for training purposes. Starting in 2014, the service undertook a comprehensive assessment of its cyber risk through Task Force Cyber Awakening.

Given that there is no shortage of cyber-related policy guidelines to follow, the memo asks officials to report any way the new policy might conflict with existing federal and DOD policies. 

DON CIO Robert Foster issued his own memo this week that instructs DON officials on acquiring cloud computing services. The memo delegates approval authority to the deputy CIOs of the Navy and Marine Corps for the business case analyses officials must complete in order to buy cloud services.

That move is in keeping with DOD CIO Terry Halvorsen's push to decentralize the cloud acquisition process.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.