While October was designated as National Cybersecurity Awareness Month, it is always an opportune time to address what the Department is doing to strengthen our security posture as well as reinforce the importance of practicing the utmost care whenever we use a government computer and access a government network.
Our workforce plays a key role in strengthening cybersecurity. We are working closely with DoD to implement the DoD Cyber Strategy, which has as one of its goals: "Build and maintain ready forces and capabilities to conduct cyberspace operations."
This effort will improve the methods we use to recruit, develop and retain our civilian cyber workforce, and will include more effective qualification requirements and improved, real-life scenario training. We are collaborating with the Navy and Marine Corps to ensure that the DON has the cyber capabilities needed to meet mission needs with a ready and capable workforce. Maximizing the effectiveness of our cyberspace workforce is a critical element in our efforts to ensure a more secure, efficient, and effective IT environment.
Our use of DON IT assets is also critical to our cybersecurity posture because an intrusion into any one place in the network can lead to access to other areas. We are staffing an updated acceptable use policy that addresses areas such as general use, training requirements, email, remote access, and PKI requirements. Once again, we are aligning with DoD guidance that emphasizes the importance of actively enforcing DoD PKI credential logon to achieve strong user identity authentication, especially for our system administrators and other privileged users.
I applaud OPNAV N2/N6’s recently launched initiative to use Cybersecurity Awareness Month as the kick-off for a year-long campaign to create a culture in which cybersecurity discipline is a high priority and a daily habit. In his NAVADMIN 239/15, launching this campaign, Vice Adm. Ted Branch provides advice that applies to all of us, including: “Every time you connect to or operate a Navy network or system, you are in the cyber battlespace. Think cybersecurity before you act.”
Our handling of sensitive information, such as personally identifiable information (PII), is another area of concern that we are addressing at the enterprise level. We are in the final phase of a plan to reduce the collection and use of Social Security Numbers across the DON; we have established stricter procedures for the disposal of all electronic storage media through our physical destruction policy. We have also limited the use of FAX machines in transmitting PII, and we are exploring the use of technology to better control the transmission and storage of PII.
While we are changing enterprise processes and procedures related to collection, storage, and transmission of sensitive information, each of us has a personal role in keeping PII secure. Eighty percent of PII breaches are the result of human error. The number one fault is something that is very simple to correct: sending unencrypted email containing PII. We can do better.
On the DON CIO website you will find PII Awareness and Privacy Refresher training; these courses are also available on the Marine Corps and Navy Learning Management systems. I encourage each of you to take this training, not just to fulfill a requirement, but to make sure you are fully aware of what you personally can do to help eliminate PII breaches.
Together, we can make a difference. With our Navy and Marine Corps teammates, and aligning with DoD initiatives, we can improve our cybersecurity posture and better protect our networks and information.