My view: Navy must shore up its cyber defenses
I wrote an op-ed that was published in Defense News explaining how the Navy, with the support of Congress, must take measures to ensure our ships are properly protected from cyber intrusion.
The full article is below.
Please do not hesitate to contact me anytime an issue that concerns you comes before the House, especially if it concerns defense and national security.
It's an honor to serve you and Virginia's First District in the People's House.
The U.S. Navy must shore up its cyber defenses
October 5, 2017
By Rob Wittman
In 2009, then-chief of naval operations, or CNO, Admiral Gary Roughead, created the Information Dominance/Director of Naval Intelligence, or OPNAV N2/N6, organization by merging two of his deputy CNOs, the N2 and N6. This new deputy CNO position, N2N6, was elevated to the rank of a 3-star vice admiral, and it officially recognized how much crossover there is between intelligence work and communications.
The following year, Roughead re-activated the U.S. Navy’s 10th Fleet, which is charged with the operations and coordination of naval, joint and coalition forces’ ability to conduct information and electronic warfare operations and signals intelligence. Roughead made these large, sweeping changes to the U.S. Navy’s force structure because he recognized the threat the cyber domain posed to the fleet.
Roughead had the foresight to recognize three growing trends: the ever-increasing connections our ships and aircraft have to shore, our sailors becoming ever more reliant on off-ship technologies for basic tasks such as navigating and our potential adversaries making large investments in the cyber domain.
Our ships have become so connected that virtually all aspects of ship operations are being reported back to shore sites located in the continental United States. The efficiencies brought by increased interconnectivity also give rise to vulnerabilities that need to be seriously considered.
I recently co-chaired a House Armed Services Committee briefing centered around the collisions of destroyers Fitzgerald and John S. McCain. Vice Admiral Jan Tighe, deputy CNO N2N6, and Vice Admiral Mike Gilday, commander of the 10th Fleet, briefed me and my congressional colleagues on potential cyber vulnerabilities to our fleet. The Navy’s initial analysis does not support the claims that either one of these ship collisions were caused by a cyber attack. However, in my estimation, it is essential that we improve our cyber domain defenses.
It is critical that the Navy, with the support of Congress, continues to make investments in training, manpower and systems to protect our ability to transmit and receive information without impediment or alteration. Paying due regard to our adversaries, we must also reexamine our tactics, techniques and procedures within the full spectrum of the cyber domain.
For over 20 years, and in an effort to maximize the fighting effectiveness of the entire force, we have routinely installed equipment on our ships that increases connectivity to shore facilities, mainly to various headquarters’ staff. We have used our ships as floating sensors to be dispersed throughout all parts of the world in order to keep the highest levels of command plugged in and to leverage our superiority with information operations. Although these systems allow us to fight more effectively, they have also allowed shore staffs to micromanage individual units. Our sailors have affectionately referred to this as the 12,000-nautical mile screwdriver, giving them constant pressure and guidance while negating the command responsibility of ships’ commanding officers.
Improvements in training that promote cybersecurity and basic navigation skills, at the shipboard sailor level, are needed in order to ensure that every sailor understands the dangers of introducing potentially harmful software on a ship’s servers, the dangers of unnecessary emissions and the necessity to properly secure the transmissions of data links. Ship navigators also need to break their reliance on GPS, which is yet another electronic pathway aboard a ship.
Further, we need to start trusting our ship commanders to secure their communications and emissions and to operate without oversight. This may be by far the most difficult paradigm to break, allowing our commanding officers to operate their ships, execute their assigned mission and to simply command.
As we go forward in the information age and contend with the reality of having to always be “connected,” we must ensure we are doing everything we can to safeguard our networks. Properly protecting our networks and shedding our reliance on systems that depend upon off-ship connections, to include relearning some of the old methods of navigating ships and executing commanders‘ intent, are the first steps to defending our ships in the cyber world.