SAN DIEGO, Cail. The Space and Naval Warfare Systems Command (SPAWAR) cybersecurity readiness team has delivered an agile and modernized tool that manages and maintains ship information technology systems to 33 Navy ships, with the most recent delivery completed Sept. 5.
SPAWAR launched the Fleet Readiness Directorate’s Cybersecurity Readiness Office, or FRD 300, in January to ensure the Navy maintains a competitive advantage in the cyber warfighting domain. To advance the fleet’s cyber posture, the team delivered a web-based application, or cyber baseline, that provides a documented record of all networks, hosted applications and network-connected systems to all Navy ships.
“Adding the cyber component to our Fleet Readiness Directorate is just one of the many ways we are modernizing the way we manage our Navy ships to increase our readiness and capability,” said Rear Adm. Christian Becker, SPAWAR commander. “We must have the information that we need at our fingertips, so we are able to take decisive action when needed.”
With the overall objective being a self-reliant and agile fleet, the cyber baseline offers a searchable, easy-to-use, platform-specific knowledge base, providing the fleet with the ability to independently manage and maintain a ship’s information technology systems. This baseline lives with the platform and remains available through ship turnover.
Additionally, the cyber baseline certifies that all Consolidated Afloat Network and Enterprise Services (CANES) and Integrated Shipboard Network System (ISNS) installations comply with Department of Defense and Department of Navy Cybersecurity Directive requirements; it also certifies the same standards have been met for hosted applications and connected systems that are required to comply.
“This baseline is a cross organizational effort that supports SPAWAR’s Office of the Chief Engineer and the Naval Institute of Standards and Technology’s Cybersecurity Framework's ‘identify’ function that focuses on developing the organizational understanding to manage cybersecurity risk to systems, assets, data and capabilities," said Ed Lazarski, SPAWAR director of cybersecurity for Program Executive Office for Command, Control, Communications, Computers, and Intelligence (PEO C4I). “Specifically, this effort addresses the ‘asset management’ component that requires organizations to know the data, devices, and systems are identified and managed.”
The FRD 300 team has plans to deliver these cyber baselines to 60 ships per year, with the goal of 100 percent of all Navy ships certified as “cyber ready” by January 2021.
“You cannot defend against cyber attacks if you do not know what you are defending,” said Duane Phillips, FRD 300 cybersecurity readiness director. “A cyber baseline will provide ship commanders with access to essential documentation required to operate and maintain systems installed, modified and approved by program offices.”
FRD 300 also supports ships’ workforce during the installation of program of record modernization, approved security patches and during compliance verification, ultimately improving ships’ ability to maintain system cyber health in line with the program of record patched baseline. This assures a smooth transition as ships take ownership of the systems from the installation teams, while setting a strong foundation for self-sufficiency and reduction of dependency on shore-based technical support.
“Before, Sailors were required to spend an excessive amount of time bringing systems into compliance post-modernization,” said Cmdr. Darin Marvin, FRD 300’s cybersecurity readiness deputy. “The FRD 300 cyber baseline effort ensures platforms are in a compliant state prior to departure.”
In addition to delivering the cyber baseline application and enabling cyber certification, the FRD 300 cybersecurity readiness team takes it one step further and provides on-the-job training and educational support during the availability to ensure Sailors can manage and maintain all systems in accordance with established standards. This training enables self-sufficiency in operators, achieving positive control of the platform’s vulnerability management processes and procedures.
“FRD 300 has created a one-stop shop for any and all cyber inspections,” said Ensign Josiah Hedges, a communications officer on the newly-cyber ready certified guided-missile destroyer USS Ramage (DDG 61). “The cyber baseline will save the fleet countless hours by having ship-specific cyber technologies and critical cyber documentation in one easy to use site.”
SPAWAR FRD was established in October 2011 to install, support and modernize the Navy’s C4I hardware and systems to ensure warfighters are prepared to meet all mission requirements.
Initially, FRD was made up of two elements - FRD 100 and FRD 200. FRD 100, the Fleet Support Program Office, repairs and maintains the fleet’s C4I hardware and systems, and serves as the program manager for in-service C4I systems. FRD 200, the FRD Installation Program Office, performs hardware and software C4I installations on naval platforms across the globe.
FRD 300 complements these two elements by increasing agility of the fleet’s cyber warfighting capabilities.
With today’s technological environment constantly shifting and evolving, SPAWAR’s FRD 300 works to mitigate the risk of the U.S. Navy becoming increasingly susceptible to cyber threats.
SPAWAR identifies, develops, delivers and sustains information warfighting capabilities supporting naval, joint, coalition and other national missions. SPAWAR consists of more than 10,000 active duty military and civil service professionals located around the world and close to the fleet to keep SPAWAR at the forefront of research, engineering and acquisition to provide and sustain information warfare capabilities to the fleet.