WASHINGTON --- Cybersecurity is one of three mission priorities in the NAVSEA Campaign Plan to Expand the Advantage.
For most people, the term "cybersecurity" inspires thoughts of data theft like the U.S Office of Personnel Management database breech and the recent intrusion and theft of information from Equifax.
But in this networked world, hackers have also successfully disabled or taken control of machines in the physical world—from large systems like electric power grids and industrial plants to transportations assets like cars.
Leading the efforts to prevent, detect and recover from cyberattacks on both ships and shore networks is the NAVSEA Cybersecurity team made up of cyber experts from both the Command Information Office (SEA 00I) and the Afloat Cybersecurity Engineering Directorate (SEA 05Q). While SEA 00I is focused on policy implementation, compliance and administration ashore, SEA 05Q focuses on the engineering and technical side for afloat platforms.
“We are a key cog in the Navy’s cyber battle,” said Scott St. Pierre, NAVSEA Enterprise Information Technology Officer (EITO) and primary facilitator of the Cybersecurity Council and Executive Integrated Process Team (IPT).
“As the Navy’s largest Echelon II systems command, we support all of the Navy’s ships and submarines; our footprint is very large,” he said. “Within SEA 00I, all of our divisions touch on cybersecurity in one way or another.”
NAVSEA’s cybersecurity team at NAVSEA works closely with the other Navy systems commands, Fleet Cyber Command (FCC), 10th Fleet, and the Department of the Navy Information Warfare (N2N6) and Chief Information Officer (DON-CIO) to provide comprehensive cyber coverage.
“SEA 05Q has become the go-to organization for the afloat cybersecurity. Their relationship with the different platform Program Executive Offices (PEOs) has helped paint a very thorough cyber picture to benefit the entire Navy,” said St. Pierre.
On the policy side, N2N6 is responsible for the cyber train and equip role, while DON-CIO manages cyber and information technology policies, some of which include functional area management, enterprise architecture, and information assurance.
Both FCC and 10th Fleet represent the operational side of cyber. FCC is responsible for Navy networks, cryptology, signals intelligence, information operations, electronic warfare, cyber and space. As Echelon II commands, they report directly back to the Chief of Naval Operations. Tenth Fleet is the operational arm of Fleet Cyber Command and executes missions through a task force structure similar to other Fleet commanders.
“In the cyber arena, we’ve forged relationships with organizations we wouldn’t normally have before,” said Rear Adm. Lorin Selby, SEA 05, NAVSEA Chief Engineer. “We are deeply involved in developing robust strategies, software and systems to keep the machinery control systems and combat systems secure.”
The Cybersecurity Executive IPT and Cybersecurity Council are co-chaired by NAVSEA 05 and a PEO lead that rotates every two years. NAVSEA 05 Executive Director Steve Schulze and Littoral Combat Ship Program Executive Office Executive Director Nidak Sumrean currently chair the Executive IPT.
The IPT is focused on affordably integrating cybersecurity into those systems under NAVSEA’s cognizance, increase the workforce’s collective cybersecurity knowledge and to transition to and effectively execute the Risk Management Framework (RMF).
“Taking a system through the RMF process is required before that system can be authorized to operate on the DoD information network (DODIN),” said Lt Cdr. Matt Legler, SEA 05Q, Afloat Systems Cybersecurity Engineering Director. “We must ensure efficient implementation of RMF, and that it remains a risk-based process vice a compliance process.”
“Threats change rapidly in the cyber environment. To ensure success in our Navy missions, we must understand, protect, and monitor our shipboard systems and networks in a real-time environment. We also must be able to rapidly respond to sensed intrusions and new threats,” said Legler.
Attacks on mechanical systems that are operated by control systems are not new. Stuxnet is the most famous example and involved a "computer worm" attacking Iranian centrifuges, causing them to run in a way that resulted in catastrophic damage while fooling the operators into believing the machinery was operating normally.
Another NAVSEA initiative is the stand-up of the Cyber Planning and Response Center (CPRC). The CPRC serves as the central coordination point for cyber planning and response at NAVSEA. The CPRC will coordinate communication within NAVSEA and to outside organizations during any cyber event.
“When Fleet Cyber Command/10th Fleet stood up in 2010, the Navy leveraged existing infrastructure and organizations already in place,” said Legler. “When NAVSEA 05Q was being stood up, it was on the heels of events like Stuxnet, which were becoming more prevalent in the global environment. We worked closely with 10th Fleet and modeled our program after other successful NAVSEA programs such as SEA 07Q’s SUBSAFE program.”
SUBSAFE’s purpose is to provide “maximum reasonable assurance” of hull integrity and the operability and integrity of critical systems and components to control and recover from a flooding casualty on board submarines. Initial SUBSAFE certification is required for each submarine before delivery to the Navy. Maintaining SUBSAFE certification is required throughout the submarine’s life. In short, SUBSAFE certification is fundamental to a submarine’s mission capability.
“Similarly, the goal behind SEA 05Q’s efforts is to apply the same rigor to systems integrity as the SUBSAFE program,” said Legler.