US Navy Releases Its First Cybersecurity Strategy

The U.S. Navy has released its first cybersecurity strategy as the service tries to modernize its efforts in the space after years of staffing and preparedness issues.
The blueprint, devised by Chris Cleary, the Navy’s principal cyber advisor, and its CIO, features the following seven lines of effort:
- Improve and Support the Cyber Workforce
- Shift from Compliance to Cyber Readiness
- Defend Enterprise IT, Data, and Networks
- Secure Defense Critical Infrastructure and Weapon Systems
- Conduct and Facilitate Cyber Operations
- Partner to Secure the Defense Industrial Base
- Foster Cooperation and Collaboration
Troy Batterberry, CEO and founder, EchoMark, had this comment:
“In order for the USA to achieve and maintain information superiority, we must adopt new forms of insider risk management. Nearly all major government agencies have experienced highly damaging leaks in part because the leaker (insider) felt they would never be caught. An entirely new approach is required to help change human behavior. Information watermarking is one such technology that can help keep private information private.”
Stephen Gates, Principal Security SME, Horizon3.ai, follows with this:
“In the context of the Department of the Navy Cyber Strategy 2023, one line of effort stands out among the others: 2.0 Shift from Compliance to Cyber Readiness. As recent cyber events have repetitively proven, a purely defensive cyber strategy is not working and must be augmented by “adversarial assessments” of your own environments.
“These adversarial assessments are not the run-of-the-mill vulnerability scans. These assessments are cyber red team exercises whereby organizations attack themselves using the same tools, tactics, and procedures (TTPs) attackers use. The reason for this is simple. If you cannot find that hidden chink in your armor, that crack in your layered walls of defense, that blind spot you didn’t even know existed, you will never be able to adequately defend yourself against a purposeful attacker with nothing but time on their side – and disruption on their mind.
“Today, autonomous assessment solutions that let you see your environments through the eyes of an attacker are readily available. Having these solutions in the hands of highly skilled red teams allows them to force-multiply, meaning, they can do expansive cyber readiness exercises simultaneously, while using these solutions to accelerate their assessment analysis. Furthermore, these solutions also meet the objective of prioritizing mitigations and reassessment tracking to ensure issues have been remediated and readiness is confirmed.”
At least the Navy realizes that it has issues, and is moving to address them. That’s good. But everyone will be watching to see if the Navy “walks the walk” as opposed to just “talking the talk”.
This entry was posted on November 27, 2023 at 2:30 pm and is filed under Commentary with tags Security.