Each day brings staggering news of cyber-attacks on government websites, financial institutions, and industry and retail networks. No organization is safe from the daily battering of cyber-attacks. In response to myriad threats, Task Force Cyber Awakening was formed to collectively scrutinize and ensure the cybersecurity of the Department of the Navy’s warfighting and business systems.
“As directed by the Chief of Naval Operations, Vice Adm. Ted Branch, Deputy Chief of Naval Operations for Information Dominance established TFCA, a cross-organizational, year-long effort to deliver fundamental change to Navy’s organization, resourcing, acquisition and readiness,” said Matthew H. Swartz, Director of the Communications and Networks Division (OPNAV N2/N6).
“People ask why cyber awakening; cyber has been around for a decade; is not new. We purposely chose ‘cyber awakening’ because we want to recognize that cyber covers the IT that enables warfighting systems and business systems … Cybersecurity is now the commander’s business as important as any weapons system,” Swartz said in a brief to reporters Oct. 31.
The DON’s “cyber platform" extends beyond traditional IT to combat systems, combat support and other systems, he explained.
“Cyber is a discipline that is critical to warfighting, an enabler of our warfighting capability,” Swartz said. “Over the last decade the DoD and industry have responded to the threat. Cyber is a warfighting area, and it has forced us to reassess our risk calculation.
“The Navy hasn’t been stagnating in the last 10 years. We stood up the IDC (Information Dominance Corps), 10th Fleet, the operational fleet, and just recently NAVIDFOR, the TYCOM for man, train and equip, and now Task Force Cyber Awakening.”
An Enterprise Methodology
TFCA is a unified effort to look at DON IT systems holistically in response to cyber threats that run the gamut from an individual sophisticated hacker to rogue and nation-states.
“We want to look at the wholeness of the enterprise to provide leadership the ability to prioritize responses and investments,” Swartz said. “Because of the interconnectedness of our business and warfighting systems — a threat to one — is a threat to all.”
A startling wake-up call occurred last year with a foreign intrusion on the Navy Marine Corps
Network. The response, Operation Rolling Tide, led by 10th Fleet, included the Space and Naval Warfare Systems Command.
“With Operation Rolling Tide came the realization that there is an afloat dependency on the networks ashore, the NMCI and C4I systems … Working with 10th Fleet and SPAWAR we were able to maneuver the network to get the adversary out. That’s what we want to be able to do: maneuver the network, to get that agility and accountability,” Swartz said.
The TFCA effort is organized into four task groups (see Figure 1) that will look at a sampling of business and C4I systems. Representation includes experts from SPAWAR, Naval Air Systems Command, Naval Sea Systems Command, Naval Facilities Engineering Command, and cyber partners, including U.S. Fleet Cyber Command/U.S. 10th Fleet, Navy Information Dominance Forces Command, the Assistant Secretary of the Navy for Research, Development and Acquisition and Navy Staff, as shown in Figure 2.
“TFCA stood up in July and it will probably end next August, but we will establish an enduring capability with CYBERSAFE. We have representation and significant participation with the SYSCOMs, Navy Staff with Mr. Stackley, PAC Fleet (U.S. Pacific Fleet), Fleet Forces, and the Marine Corps,” Swartz said.
The aim is to establish an evolving framework for cyber resiliency, Swartz explained. Building on the lessons learned from the Navy’s proven SUBSAFE and Airworthiness programs, CYBERSAFE is envisioned as a set of stringent standards for procedural compliance. The intent is to create the same methodology, rigor and discipline for compliance around the DON’s business and combat systems that the elite Nuclear Navy is renowned for.
Using the CYBERSAFE construct, the Navy will create a process for identifying and hardening business IT and warfighting networks and systems that extends through the entire life cycle — from development, acquisition, deployment, operation, sustainment and retirement.
“The challenges aren’t technical,” Swartz said. “We have organizational challenges; it is a cultural challenge, so our response is to establish the right policies and procedures for cybersecurity awareness.”
Many cybersecurity improvements for programs of record will occur as part of scheduled modernization over the Future Years Defense Plan (FYDP) through fleet implementation of Consolidated Afloat Networks and Enterprise Services (CANES). Ashore, the Next Generation Enterprise Network (NGEN) contract will deliver cybersecurity upgrades to the NMCI, Swartz explained.
“How to balance risk is part of the evaluation process,” Swartz said. “XP is a good example. Microsoft no longer supports XP so we have been working with Microsoft to gracefully transition our infrastructure ashore and afloat. It is not as easy for ships. Ashore we have NGEN, but ships’ availabilities don’t align well with technical upgrades.”
But technology upgrades are only a part of the DON’s cybersecurity vision, Swartz explained.
“Task groups one and two are looking at manpower and training solutions to equip Sailors with the right training to operate shipboard systems… We want to make it as easy as possible for the fleet,” Swartz said.
Other cybersecurity improvements include data center consolidation where cybersecurity is embedded within the infrastructure and processes.
“Ultimately, 10th Fleet created the architecture for data center consolidation so we can aggressively leverage DoD and industry best practices and effectively reduce attack vectors,” Swartz said.
When the network intrusion occurred last year, 10th Fleet’s Vice Adm. Michael Rogers, who is now the head of U.S. Cyber Command, led the effort to expel the adversary, Swartz said. Tenth Fleet operators performed forensics and rigorously applied established tactics, techniques and procedures (TTPs).
“Rogers’ fingerprints are all over our plan to maneuver and how to fight the network. Rogers’ methodology for testing and defending platforms at the tactical edge that connect to the JIE (Joint Information Environment) and JRSS (Joint Regional Security Stacks) are part of the plan. Our security controls will not duplicate what the other services are doing but we will build on the linkages to individual platforms,” Swartz said.
One of the strategic options under examination is the creation of a “cyber czar” to oversee acquisition decisions using the CYBERSAFE methodology, Swartz explained.
“That’s one of the big questions we will answer. CYBERSAFE looks at the kill chain from initial design to acquisition and implementation to the fleet. It is the ability to look end to end from operating and sustainment to the end of life of a system, the entire lifecycle,” Swartz said.
Since the TFCA stand-up in July, organizational cooperation and cultural change are already occurring, according to Swartz.
“The immediate benefit of TFCA is now we have senior leadership attention. We have evolved from treating IT as a generator for efficiencies. IT cannot be treated as cost center — IT is a critical enabler of our warfighting superiority.
“We have a lot of work to do, but we are building on a successful enterprise commitment for
cybersecurity accountability across the Navy enterprise.”
More information About TFCA:
TFCA on milSuite - A new site dedicated to collaboration on Navy cybersecurity topics, issues and programs -
www.doncio.navy.mil/chips/ArticleDetails.aspx?ID=5627.
Mr. Matt Swartz Talks about Task Force Cyber Awakening - www.doncio.navy.mil/chips/ArticleDetails.aspx?ID=5578.
Sharon Anderson is the CHIPS senior editor. She can be reached at
chips@navy.mil
.