Comstock passed her Stage III inspection in February 2016 with a score of 70.3 percent. As significant as this was – a small but important step in the right direction – SURFPAC was simultaneously developing a number of cyber initiatives to make long-lasting improvements in surface ship cybersecurity. The first and most important initiative was the creation of a Surface Force Cyber Warfare (CW) Mission Area to train and certify surface ships in cyberspace operations.
Utilizing the Surface Force Readiness Manual (SFRM) “crawl, walk, run” model, and drawing upon the experience and expertise of information systems technicians at Afloat Training Group Pacific (ATGPAC), information professionals at SURFPAC, Naval Information Forces (NAVIFOR), and Navy Information Operations Command San Diego (NIOC) the CW Mission Area provides surface ships with in-depth Basic Phase Unit Level training. This training covers cyber administration and programs, traditional security, network defense and vulnerability management, cyber operations proficiency, and casualty and incident response. It also includes two NIOC Blue Team visits and the NIOC cyber network team trainer. From April to November 2016, CW was successfully piloted aboard USS Kidd (DDG 100). In 2017, CW will be executed on more than 20 surface ships on the East and West Coasts.
“The Cyber Warfare mission area is the most comprehensive cybersecurity, information assurance, and defensive cyber operations training ever given to a ship in a systematic way,” said Senior Chief Petty Officer Robert Halsey, the lead Cyber Warfare trainer at ATG San Diego. “By that, I mean not in a pieced-together, ad hoc manner. To build the curriculum, we identified applicable cyber requirements from across the Navy and brought them together into repeatable and certifying events.”
While CW effectively addresses the Basic Phase unit level training needs of surface ships, to be truly successful it has required complimentary cyber improvements be made to shipboard C4I networks. To this end, SURFPAC and SPAWAR agreed to the creation of a Cyber Baseline Availability. This availability would occur toward the end of a ship’s maintenance phase, as the ship’s C4I network was being modernized and brought out of layup. The network baseline would consist of scanning and patching all C4I assets, training and guidance, hardware and software configuration, network topology diagrams, and a C4I end-to-end systems operability test to ensure network integration. SPAWAR also agreed to ensure all newly installed C4I assets meet FCC cybersecurity requirements (zero Category 1 cyber vulnerabilities).
To further enhance Surface Force cybersecurity, SURFPAC and SURFLANT will also soon promulgate cybersecurity policy in the form of a Cybersecurity Instruction and Cyber Departmental Organizational Regulations Manual (DORM). The Cybersecurity Instruction is a “one-stop shop” reference for ships that lays out CSWF organization, training requirements, asset management and configuration control, security and enforcement policies, compliance and vulnerability management, and disaster, recovery and incident management. The Cyber DORM is very similar in practice to the Surface Force E-DORM and NAV-DORM.
“Whereas the Cybersecurity Instruction is the ‘who, what, why’ for ships, the Cyber DORM is the ‘how and when’. The Cyber DORM rolls up existing fleetwide best practices in one instruction to help ships establish an effective battle rhythm in their Radio Shack,” said Lt. Peyton Price, CNSP Force cyber operations officer, and author of the Cyber DORM.
While policy guidance, training, and C4I network improvements are moving the Surface Force in the right direction, these improvements must be accompanied by a change in shipboard culture. Commanding officers, their wardrooms, Chiefs Mess, and their junior Sailors must understand the importance of maintaining good cybersecurity and cyber hygiene, must understand the threat to the ship’s combat readiness when it is not maintained, and must initiate the necessary behavioral changes.
To assist ISICs and ships in making these changes, SURFPAC and SURFLANT have formed Cyber Readiness Teams (CRTs). At SURFPAC, the CRTs conduct training and assist visits aboard ships for three specific reasons.
First, the CRTs perform cyber hardening prior to ships departing for deployment. This is a complete network inspection, with special attention paid to C4I, CS, and weapon system assets on the ship’s network that may impact a specific deployment mission set, if not operating properly from a cybersecurity perspective. Second, the CRTs conduct cyber hygiene visits when it appears based on CRT trend analysis that the ship’s CSWF is struggling and in need of additional training or assistance correcting system casualties. Third, the CRTs perform cyber readiness visits to assist with inspection preparations, such as prior to a TYCOM material inspection, INSURV, or FCC CSI. Over the past eight months, SURFPAC CRTs have performed over 30 training and assist visits, resulting in a cybersecurity compliance and integrity rate 30 percent higher than ships not receiving a visit (94 percent versus 65 percent).
Another important joint SURFPAC-SURFLANT cyber initiative having an immediate effect on the Surface Force cyber culture is the Cyber Bravo Zulu Program. Similar to the Surface Force Gauge Calibration program and the SPY Honor Roll, which recognize ships that meet gauge calibration and SPY radar monthly requirements, SURFPAC and SURFLANT release a monthly Cyber BZ message to recognize ships that meet cybersecurity compliance and integrity requirements.
“We evaluate the cybersecurity compliance and integrity data found in the Vulnerability Remediation Asset Manager (VRAM) scanning and reporting tool,” said Lt. j.g. Adriel Frazier, SURFPAC force cyber readiness officer. “Ships who meet the requirements appear in the monthly Cyber BZ message. We then build a plan with the ISIC, and ship Communications Officers and Information Security Managers, to correct issues found in the VRAM report.”
Lastly, as if these type commander cyber initiatives needed any further promoting, SURFPAC teamed with the Naval Postgraduate School’s Center for Cyber Warfare, NAVIFOR, NIOC, Navy Cyber Defense Operations Command, FCC/C10F, 3rd Fleet, and SPAWAR to conduct of a series of Cyber Hackathons.
“The hackathons provide great training for our sea and shore cybersecurity experts and give them the opportunity to exercise elements of computer network defense without compromising the integrity of their ship’s network,” said Price, who leads the SURFPAC hackathons.
SURFPAC’s most recent hackathon included a one-day Surface Force off-site, during which Vice Adm. Tom Rowden, commander, Naval Surface Forces, personally addressed more than 60 surface commodores, deputies, and commanding officers in attendance.
“We must take the defense of our computer networks as seriously as defending our warships against an incoming cruise missile,” Rowden said. “You are the frontline on cyber defense and our surface combatant crews are counting on you."
Naval Surface Forces is working diligently to clarify cyber requirements, streamline cyber policies, and ensure no command is left unprepared to meet the cyber threat. In this era of growing cyber complexities, Naval Surface Force is committed to assisting each ship to fight at peak performance while reducing the burden on shipboard personnel.