Sending cyber sense down the Navy chain of command

“Pockets of non-understanding” still plague the lower echelons of the Navy hierarchy when it comes to cybersecurity, says Vice Adm. Jan Tighe.

Vice Adm. Jan E. Tighe, commander of U.S. Fleet Cyber Command, says the Navy brass has a good handle on the need for cyber defense, but the lower ranks need to be brought up to speed.

The U.S. Navy is undergoing a “cultural shift” toward seeing computer networks for the battlefields they are, but some of that education has yet to trickle down to the rank and file, its top cyber commander said May 6.

The Navy has in recent years moved away from its IT procurement approach of a decade ago, which did not recognize IT systems as potential weapons platforms, said Vice Adm. Jan Tighe, commander of the U.S. Fleet Cyber Command and the Navy’s 10th Fleet. She was speaking at a conference hosted by C4ISR & Networks in Arlington, Va.

“So we have to shift the way we program for, procure, support and maintain, and the way that our war-fighting commanders, commanding officers at sea, view this network,” she said.

The Navy’s top brass is attuned to this new cyber-defensive paradigm, but “as you get lower down the food chain, it gets a lot more spotty – there are pockets of understanding, there are pockets of non-understanding,” said Tighe, the first woman to command a numbered Naval fleet.

The Navy does its own cybersecurity audits, in addition to those of U.S. Cyber Command, to scour the service’s networks for vulnerabilities. Though they occur only once every three years, those inspections cover more platforms and commands than is mandated by U.S. Cyber Command, she said.

The inspections offer a “snapshot in time” of a Navy ship or other asset’s vulnerabilities. Commanders are graded on the security of their unclassified and classified systems, and those receiving poor grades have to draw up a plan for improving. Something as seemingly benign as a smartphone plugged in to charge could threaten a Navy network if it is unsecured.

Tighe said she is keen to use those inspections, along with compliance requirements for outsiders to use Navy networks, as a means of making the service more cyber-secure. “Tightening the screws on those as we move forward … raises the standard by which we’re operating as a Navy,” she added.

The collaboration across military services and U.S. Cyber Command needed for DOD-wide cyber-defense is improving, she said, citing her time working at U.S. Cyber Command at its inception. Commanders were then narrowly focused on defending their individual networks, but that is changing to a more holistic approach.

“Yes, we have different types of networks. Yes, we have different ways that we deliver those networks to our services,” she said of the military services. “But there is commonality in terms of how we approach the fight; there is commonality in how we talk to our service leaders about these problems.”