Navy establishes permanent cyber division

The Navy is working to get a handle on its cyber threat exposure. Without a running tally of IT systems and the provenance of their parts, network operators don't know what's on or off; what's vulnerable or secure.

Navy officials are trying to build on the momentum of the yearlong Task Force Cyber Awakening to drive a lasting, more secure cyber posture at the service. And so the chief of naval operations last month established the Navy Cybersecurity Division, a 40-person office responsible for evaluating big cyber investments and ensuring policy requirements.

One of the chief tasks of the new division, according to Vice Adm. Ted Branch, deputy chief of naval operations for information dominance, will be to "make sure that they have the requirements right at the front end so we can bake in some of the cybersecurity, as opposed to having it bolted on like we have done up until now."

The task force was a deep dive into the cyber postures of the service's many components, from the Naval Sea Systems Command to the Space and Naval Warfare Systems Command. It set priorities for boosting resiliency and led the Navy to reallocate approximately $300 million in fiscal 2016 budget to help treat the service's cyber vulnerabilities.

The task force came at "a time of need," Branch said at an Oct. 1 press briefing. "We had a lot going on without a lot of focus and pursuit of our 2013 incursion."

Branch was referring to a breach, attributed to Iranian hackers, of the Navy Marine Corps Intranet, the service's massive internal computer network. A months-long operation known as Operation Rolling Tide, which drove the hackers off of the unclassified portion of NMCI, has become a blueprint for Navy cyber operations.

The task force initially focused on the transport layer of Navy networks, where the 2013 breach had occurred, Branch said. Drawing on modeling done by experts at Johns Hopkins University, the task force ranked and prioritized vulnerabilities on Navy networks and then suggested remedies. Officials later broadened the scope of assessment to include weapon and facility systems.

Troy Johnson heads the new cyber division. Johnson spent 22 years as a cryptologist and information operations planner in the Navy, and played an integral role in the cyber task force.

The systems commands that contribute the building blocks that make up Navy networks will need to mature, according to Branch. "The expertise that needs to be resident in systems commands for design and engineering frankly isn't there yet, certainly not in the capacity that we need it to be," he said.