Navy workforce memo separates cyber from IT

Featured eBooks
AI in the Workplace
Read Now

CX in Action

Read Now

Next Steps for CMMC

Read Now
By Sean Lyngaas

By Sean Lyngaas

|

A recent policy memo from Navy Secretary Ray Mabus differentiates the IT and cybersecurity workforces.

Image copyright to the Navy: Sailors man the bridge helm station to the Arleigh Burke-class guided-missile destroyer USS Mustin (DDG 89) during a replenishment-at-sea.

The Defense Department has been restructuring its workforce in recent years to adapt to the challenges of its heavy reliance on cyberspace for missions. The Department of the Navy took a significant step on that front in a recent policy memo from Navy Secretary Ray Mabus that differentiates the IT and cybersecurity workforces.

The memo, dated Feb. 10 but released on a public-facing DOD website this week, establishes two workforce categories -- Cyber IT and Cybersecurity -- around which commanders are supposed to build training and credentialing.

A cyber IT professional is defined as someone who builds, operates and maintains IT networks. Those duties include the retirement of legacy systems. A cybersecurity professional, on the other hand, is someone who defends and preserves data, networks and network-centric capabilities. Those duties include the "integration of cybersecurity into all aspects of engineering and acquisition of cyberspace capabilities," the memo states.

The memo does not cover the DON cyber personnel who are allowed to conduct hacking operations on adversaries.

Anyone using DON IT systems is required to complete annual cybersecurity training beforehand, the memo states, and commanders can add more training requirements for their personnel.

Furthermore, the IT and cybersecurity qualification requirements for DON personnel must be put in a matrix and structured by role and specialty. The foundational knowledge required of IT and cybersecurity personnel should cover "operating system and computing environment concepts," according to the memo.

The new policy is data-driven: The status of personnel qualifications will be housed in massive DON databases.

The memo also addresses the so-called insider threat, which DOD officials have taken a keen interest in after the leaks of classified information by former National Security Agency contractor Edward Snowden. Anyone with privileged access to DON systems must adhere to a special agreement, and privileged access should be revoked when it is no longer needed, the memo states.

The instruction applies to all DON installations, including those under the Marine Corps' charge.

NEXT STORY: Watchdogs Prep for Review of Agencies’ IT Security Policies