Breaking news: The Navy is big.
With an $8 billion annual IT budget, the U.S. Navy features one of the largest IT operations in all of government, supporting more than 640,000 personnel, 3,700 aircraft and 272 ships.
So what’s one thing Navy CIO Rob Foster could improve if given the chance?
“When we talk about information warfare, one of my top priorities is acquiring cybersolutions that deliver the first time,” Foster said Thursday at AFCEA NOVA’s Navy IT Day. “Too often, technologies do not work in our system the first time, causing us to spend extra time and money to fix them while creating extra vulnerabilities in the process.”
To remedy this, Foster wants to create better standards for cybersolutions, namely having those solutions receive a certification in the Department of Defense cybertest laboratory before being implemented. That step, he says, could end up helping the Navy bring in solutions faster and reduce additional steps that happen far too often.
“I don’t want to put in policies that will inflict pain,” Foster said. “In many places, I want to get rid of policies that no longer help us. My goal is to always be in lockstep with the department as a whole, and with our partners, while working as efficiently as possible.”
Foster added that the Navy CIO office wants to use more agile development methodologies. Like many in government have found, the procurement aspect of agile development is the hardest part to implement.
“IT wants to do the right thing, but there are challenges,” Foster said.
The Three Cyberattack Vectors
Rear Adm. Michael Gilday, director of operations for U.S. Cyber Command, said DOD looks at cyberdefense and offense in the same way as a company would look at its enemies, namely looking at people and processes, not just technology.
He said that while technology solutions get the most attention, people and processes provide the most vulnerabilities. While several pieces of new malware are created every second, Gilday said, end users without good cyberpractices typically provide the easiest access into a network.
“We have to look at cybersecurity more holistically,” he said. “Just solving one aspect won’t help, so we need to increase everyone’s awareness. Every user is both an asset and a liability.”
That said, Gilday noted that DOD takes the same approach in training against cyberattacks: to know every line of code in a given software program so they can exploit it.
“We want our people to know their software better than the people who wrote it,” he said.