SAN DIEGO -- Navy information warfare leadership and industry members discussed the importance of small business cybersecurity during the 2017 National Defense Industrial Association (NDIA) Navy Gold Coast Conference, Aug. 22.
Patrick Sullivan, executive director, Space and Naval Warfare Systems Command (SPAWAR) moderated the cyber panel "Small Business Cybersecurity - A Top Priority" and emphasized that the issue of cyber and network security continues to be a dominate factor when doing business with nonfederal companies.
Dr. Kelly Fletcher, principal deputy chief information officer, Department of the Navy; Nancy Gunderson, SPAWAR Director of Contracts; and Sean Callahan, senior cybersecurity officer, Sentek Global, Inc., all joined Sullivan on the panel.
Topics during the panel focused on Department of Defense (DoD) and Department of the Navy (DoN) cybersecurity workforce requirements and protecting controlled unclassified information in nonfederal information systems.
Fletcher highlighted personal identifiable information (PII) and data breeches, and explained how her office mitigates these risks for not only government entities, but small businesses supporting the DoN.
"Let's say that some government information went somewhere it shouldn't have gone or was in a place where it wasn't protected by the right standards. There are three things we need you to do," said Fletcher. "The first one is report it. You are required to report it within 72 hours, but report it as soon as you can. The second thing we ask you to do is mitigate the risk ... preserve the information. The third thing is that we want you to cooperate with [the Department of the Navy]. This isn't information that will get better with time."
Sullivan stated that small businesses need to do their part to adhere to DoD and DoN cybersecurity standards in order to protect our nation's information.
"[Cyber] will continue to be a major threat into the future," said Sullivan. "In fact, it will be a major issue of our time. Our ability to protect our own information [as the Department of the Navy], as well as the information of our businesses, is critical. Successful cyberattacks result from three vulnerabilities in my perspective ... personnel training and limited knowledge of cybersecurity, a lack of proper system maintenance, and a failure to detect malicious activity early on. We all need to do our part to minimize the opportunity for attacks to happen on our systems."vCallahan stressed the importance of small businesses hiring a cybersecurity expert to ensure the realm of cybersecurity becomes a main effort within the company.
"Your biggest issue, as a small business, is your policies and processes," said Callahan. "If you do not have a cybersecurity expert in your company, you will need to work hard with the Navy or your 'customer' to translate requirements. It's not one size fits all."
Sullivan also stated that DoD and DoN cyber expectations are beginning to increase substantially in order to support a more proficient and effective cybersecurity workforce by 2023. Any employee who designs, develops or operates a system will be part of a new certification process, comprised of enhanced training and education opportunities.
At the conclusion of the panel, an audience member asked how companies are expected to comply with DoD and DoN cybersecurity policies in order to meet standards, but still maintain a competitive edge.
Fletcher responded that cyber is a world-wide, all-sector issue. She identified that with all the new technology and capabilities in government and business we are accepting new risks, but, as an organization, must also learn to be compliant to government cybersecurity standards.
"As we all march forward to getting more cyber secure and implementing the appropriate controls, it's going to be easier to buy this as a commodity," said Fletcher. "Just like the way I lock the door of my house, I'm eventually going to get accustomed to buying cybersecurity as a commodity ... I think this is going to get easier as time goes on."
This year marks the 29th annual NDIA San Diego Chapter event. The purpose of the NDIA Navy Gold Coast Conference is to provide a forum to educate, guide and assist businesses, especially small businesses, in working with the government, primarily the Department of Defense.