Navy has planned to improve facing cyber threats through modernized services in pace with the digital age.
Fremont, CA: In an event at the Brookings Institution on October 23rd, Richard Spencer, Navy Secretary, said that the service is struggling to beat back threats to cybersecurity and the supply chain. He remarked that “We are woefully behind”. He added that the service is planning to improve facing cyber threats. The newly established positions of special assistant/chief information officer filled by Aaron Weis prove this. This job includes four directorates who are aimed at modernizing the service for a digital age and protecting the Navy by keeping it strictly against cyber threats. It is not the same as once it was years ago as the thinking and level of engagement on cyber have evolved in the last year.
Now, adversaries are fully aware of the point that they can target suppliers far down the supply chain. It is because these suppliers usually do not follow proper cybersecurity practices. These companies include those that might supply small but critical components, such as chips or even tires, could be hit with a crippling cyberattack and limit production, a move that would have a wide range of implications for the more significant force. Further, Spencer remarked one of the rules of Sun Tzu, cyber 101 highlighting the point “Take over the enemy and keep all their assets intact”.
Also, the Department of Defense is looking at addressing supply chain vulnerabilities by creating a framework that all companies must meet depending on how sensitive the systems or programs are they’re working on called the Cybersecurity Maturity Model Certification, or CMMC. One of the directorates under the new CIO is a chief information security officer who will work with the defense industrial base, Weis said during an AFCEA Northern Virginia chapter event in early October.
Weis said the tier 2 and 3 suppliers are the most exposed to threats, which was also validated in the Navy’s Cyber Readiness Review, commissioned by Spencer following the exfiltrations above.