The Navy has established a special new unit designed to protect computer networks and improve cyber security across the service called Task Force Cyber Awakening, or TFCA, service officials said.
Created in August of this year, TFCA is a 100-person force dedicated to establishing protocols, identifying vulnerabilities, increasing cyber awareness and shoring up security and access with the Navy’s computer networks, service leaders explained.
“The genesis of this started several years ago when we started to see that the risk calculus associated with cyber was changing. If you look at risk and how we characterize risk with things like vulnerabilities, the consequences of exploiting those vulnerabilities and the actors, you’ll see that consequences are continuing to grow in cyber,” Matt Swartz, lead for Task Force Cyber Awakening, told Military.com.
The consequences associated with cyber-attacks are growing in part because weapons systems are increasingly relying on networks, creating a much larger cyber component to platforms and operations, he added.
“Combat and control systems are integrated. Years ago things were stand alone. Through modernization we’ve connected things like weapons systems and engineering systems to a network. A risk to one now is a risk to all,” Capt. Kathy Creighton added.
According to a Wall Street Journal report in September 2013, Iranian hackers succeeded in penetrating into the Navy Marine Corps Intranet, an internal network used by the services for email and internal intranet functions.
Although Swartz, Creighton and other Pentagon officials have not publicly confirmed that the hacking was done by Iranians, the WSJ report cites U.S. officials saying that Iranian hackers did penetrate into NMCI. The report also says U.S. officials do not think any significant information was stolen from the unclassified NMCI network.
The NMCI network has more than 700,000 users at more than 2,000 different locations. The hackers were able to penetrate deep into the network through some of the Navy’s publicly accessible websites, the WSJ report said.
Swartz acknowledged the intrusion, without specifying any perpetrators, and said the new task force is looking at implementing lessons learned from the U.S. military response to the incident – an effort called Operation Rolling Tide.
“Over the last several years we have seen a lot more aggressive actions on the part of adversaries. We responded to that NMCI incident and when we looked at that we realized we could not just piecemeal our response. We started doing assessments across our enterprise,” Swartz said.
Operation Rolling Tide involved a vigorous effort to secure government databases and improve the overall security protocols for Navy computer networks.
“Operation Rolling Tide was broad. We wanted to make sure we could respond rapidly to those types of incidents in the future, not only to detect them but to respond to them. We took the lessons that we learned and looked across business and tactical networks, applying those principles to all those enterprises within the Navy,” Swartz added.
Task Force Cyber Awakening Mission
The TFCA is interested in establishing integrated cyber policies and procedures governing access and use of Navy networks. At the same time, the special task force is hoping to prioritize protections and identify which parts of the Navy’s many networks are most crucial to operational functioning and missions – in the event of crisis.
“The realization came to us that you can’t protect the entire enterprise at the same level. Ultimately, there are hard trade-offs that you are going to have to make. There is probably a subset of our enterprise that is no-kidding critical to the warfight,” Swartz explained.
At the same time, the TFCA is working to better understand and protect network and combat system connectivity in light of rapid cyber-related technological progress. Some of the anticipated measures sought after by the task force include improving what’s called “cyber-hygiene,” effort to create secure passwords and better user practices.
“We’re not just talking about firewalls, routers and sensors but we are talking about taking our traditional navy cyber apparatus – operations, defense, inspections and all the different parts. We’re saying this is not just going to be the traditional C4ISR networks and SIPRNet (Secret Internet Protocol Router Network). We want to extend that apparatus to the whole of Navy’s networks. This includes combat systems, control systems and platform IT,” Creighton said.
Creighton said representatives from all five naval systems commands are participating in the TFCA such as Naval Air Command and Naval Sea Systems Command. There is also involvement from Fleet Forces Command as well as the Pacific Fleet and other areas of the Navy, she said.
Improving cyber situational awareness and better understanding how networks share information with one another is an essential element of the task force’s agenda, Creighton added.
These efforts can include a number of hardware-related technical solutions designed to protect or better fortify boundaries between systems.
“We’re creating configuration management and embedding capabilities within our networks. If someone can penetrate through your boundaries you want the ability to detect them. This is about providing technologies that can detect that type of maneuvering within our space and providing technologies that allow you to mitigate what’s happening,” Creighton said.
Having a common operational picture or an improved ability to monitor networks allows cyber-experts to better identify anomalous behavior, she said.
The TFCA is also invested in training sailors and creating a more cyber-savvy and cyber-aware culture within the Navy.
“Part of our task force is looking at how we make every sailor and civilian also a cyber-security sentry? How do we get them trained up? This is something that we all have a responsibility for,” Creighton explained.