Rear Adm. Jan E. Tighe
Deputy Commander, U.S. Fleet Cyber Command/U.S. 10th Fleet
Why does the Navy keep enhancing the security of its networks, taking actions that at times have made things challenging for users? The answer is that we as a Navy, and as a society, are now operating in an age of constantly evolving cyber threats and network intrusion capabilities. We are operating in a new “cyber norm.”
What is the new “cyber norm?”
It is the reality in which we operate and requires the entire Navy team to constantly stay ahead of the adversary in the cyber arena. The Navy’s network defenders must consistently and dynamically outpace the enemy, denying adversaries any benefit. As important, every user must understand their responsibility to also deny the enemy any advantage when on the network. After all, if the Navy has given you access to a keyboard, you are operating in the cyber domain.
With the stand-up of U.S. Fleet Cyber Command and re-commissioning of U.S. 10th Fleet in January 2010, the Navy recognized the need “…to confront a new challenge to our nation’s security in cyberspace.” Over the nearly four years since then, as the Navy’s culture has begun to change with respect to cyber in Joint warfighting, the necessity for an active cyber defense has become more and more apparent.
Late summer of this year, the Navy expanded its aggressive campaign to enhance the security of its networks. Since then and moving forward, we will continually apply defensive measures and architectural hardening improvements (making the network more defensible) to strengthen the security of our networks.
In fact, it is part of this ongoing effort to improve network and cyber security that brought the Chief of Naval Operations, Adm. Jonathan Greenert, to Fort Meade Dec. 17th to recognize the warfighters of U.S. Fleet Cyber Command, the warriors who have taken unprecedented network maneuver measures over the past several months to increase security.
At times these network hardening actions have inconvenienced Sailors and our Navy workforce, but in balance they have been essential within this new cyber norm to supporting the Navy’s vision as described in Navy Cyber Power 2020*1. Specifically a key goal envisioned: assuring access to cyberspace and confident command and control (C2).
These hardening actions are part of the broader Department of Defense effort to continue to develop and refine extensive capabilities to defend its networks. An example is more stringent log-in requirements, which are focused on strengthening network and information security and minimizing exploitable vulnerabilities.
Additionally, related to the network defense measures being implemented to improve cyber security, certain Navy web applications and websites are now (or will become) accessible only from within the Department of Defense Information Network (DoDIN), also known as the “.mil” domain. Sailors and Navy workforce members who experience the inability to log into an application while working outside of .mil domain should contact their local Information Assurance Manager (IAM) for details. In other words, if a Sailor finds an application they used to be able to access from a home computer, for example, is no longer accessible there, he or she should try from a computer connected to the DoDIN or contact the IAM.
Security improvements such as these may seem inconvenient and will take time to adjust to, but these changes have been implemented to provide the increased network and cyber security necessary given the new cyber norm in which we operate, that is, they are in fact vital to defending our networks against increasingly sophisticated and determined adversaries.
Americans, our allies and our adversaries can be confident that Sailors world-wide in the Fleet Cyber Command/10th Fleet domain, the broader Information Dominance Corps, and across our great Navy are on watch 24/7/365. The vital importance of network and cyber security at the individual user level, however, cannot be emphasized enough; it takes all hands being vigilant with network security to assure access to cyberspace and confident C2.
As Vice Adm. Michael S. Rogers has said before, “we will continue to develop standards of accountability for the cyber domain, like other warfighting domains, in step with the Navy’s long tradition of holding all hands responsible for their actions, cyber security is the responsibility of the entire Navy team.”
Given the new cyber norm in which we operate, all hands must be vigilant. Network security starts with you.
1 Signed in November 2012 by both Vice Adm. Kendall Card, former deputy chief of naval operations for information dominance and director of naval intelligence, and Vice Adm. Michael S. Rogers, commander, U.S. Fleet Cyber Command/U.S. 10th Fleet, Navy Cyber Power 2020 is the road map for success in this new era and requires U.S. Fleet Cyber Command/U.S. 10th Fleet (FCC/C10F) to continually address cyber threats, key trends, and challenges across four main areas: (1) integrated operations, (2) an optimized cyber workforce, (3) technology innovation, and (4) reforming development and execution of our requirements, acquisition, and budgeting.
Since the November 2012 signing of Navy Cyber Power 2020, the U.S. Fleet Cyber Command and U.S. 10th Fleet team world-wide has worked tirelessly to drive toward and thus maintain these desired outcomes in the dynamic cyber arena in which we operate.