Capt. Douglas Powers, commanding officer of Navy Cyber Defense Operations Command (NCDOC), tackled a question that the U.S. Navy faces on an hourly basis with unrelenting attacks on its networks: Is it cybersecurity or cyber warfare?
“Within DoD, I think we should boldly call it what it is [cyber warfare],” Powers said, speaking at an AFCEA event in Norfolk, Virginia, April 14. He continued, “In the surface, submarine, air, and expeditionary Navy communities, we don’t refer to each of them as surface security, submarine security, air security, or expeditionary security. We call them what they are; surface, submarine, air, and expeditionary warfare.
“At least within the Department of Defense, we need to begin referring to fighting and defending in cyber space as cyber warfare, as a sub-component of information warfare. It matters because it defines an entirely different mindset and propels a different approach from a security mindset. Instead of creating platforms, processes, and people, we will begin to think about building cyber warships, war plans and warriors.”
If anyone knows what a 24/7 job cybersecurity is, it’s Powers. He’s at the helm of a command which receives millions of cybersecurity alerts per day, actively defending one of the world’s largest corporate intranets, Navy.mil — a staggering figure by any measure. But NCDOC is uniquely equipped to deal with cybersecurity issues; the command defends Navy networks all over the world, Powers said.
“NCDOC is the Navy’s designated Computer Network Defense Service Provider; each service has one,” Powers told CHIPS in a 2014 interview. “Our broad mission is to defend Navy networks worldwide. Computer Network Defense, or CND, includes vulnerability analysis, indications and warning, attack sensing, countermeasures, cyber forensics, as well as our cyber incident response team. NCDOC was born out of what used to be called NAVCIRT, the Navy Computer Incident Response Team. But that is the response side, to clean up or mitigate [incidents] and restore [network services].
“NCDOC also provides an active defense of the Navy’s networks [that includes] live sensoring and monitoring of the network. We do that in many ways. In general, we monitor, analyze, protect and counter unauthorized activity,” Powers said.
“Built to Withstand”
Powers explained his view of cybersecurity by using an analogy: the Navy’s systems must be protected in the same way that a Navy warship is protected. The platforms are different, but Sailors’ [and civilians’] responsibilities are similar.
Before USS Cole (DDG-67) was attacked in October 2000, he said, there was an attempt on the USS Sullivans (DDG-68), an Arleigh Burke-class "Aegis" guided missile destroyer named for the five Sullivan brothers — George, Francis, Joseph, Madison, and Albert — who lost their lives when their ship, USS Juneau (CL-52), a light cruiser, was sunk by a Japanese submarine at the Naval Battle of Guadalcanal in November 1942.
Sullivans was spared when an improvised explosive device planted by Al Qaeda sank. The Cole, also an Arleigh Burke-class Aegis guided missile destroyer, was not so fortunate. Cole had just completed refueling, Powers explained, when an IED-laden vessel was detonated next to the ship. Tragically, 17 Sailors lost their lives, and 39 more were injured. The explosion left a gaping 40 by 60-foot hole on the port side of the ship, yet the ship stayed afloat.
“It was designed as a warship,” Powers said. “It’s expected to withstand attacks.”
Today’s Navy requires armor for each platform, whether it’s steel or software. “Where you fail is where you’re vulnerable,” Powers said.
To defend an organization’s network, it’s crucial to identify key terrain and determine what needs to be protected, Powers said. There is a need for resilient defense systems — even commercial entities are beginning to openly discuss the need to adopt a military cyber defense mindset as part of their culture.
“Fighting Through It”
Powers emphasized the importance of developing and implementing processes as a protective measure. “When you train as you fight, you know how to perform rapidly and accurately during a crisis,” he said.
“Every Sailor is trained and drilled in how to rapidly respond to fire and flooding events,” Powers said. “Every Sailor takes care of that platform, their ship. We need to defend networks like Sailors defend their ship. It is not only the job of the information systems owners — an organization needs to adopt an 'all hands on deck' mindset to continually protect their network."
As an example, Powers briefly touched on the Navy’s response to hackers who managed to infiltrate — to some degree — a portion of the Navy’s networks last year. A seemingly normal reaction to an infiltration would be to completely cut off access to a network by shutting it down. However, in this case, the Navy kept the network up and running, Powers explained. Shutting it down is extremely costly and doesn’t benefit the people who need access to perform their mission.
“Our mindset now is to expect attacks and repel them, and if we happen to lose some ground, we don’t completely shut down the network — we fight through it,” Powers said.
Current and Future Needs
When asked about his top three priorities for changes in Navy cybersecurity if he were to be “king for a day,” Powers responded that for cyber platforms, the Navy should rapidly pursue software defined networking (SDN) to provide agility and speed in support of defensive cyber network maneuvers; for cyber processes, big data analytics must be leveraged to best know what is normal behavior on our networks and prioritize rapid response efforts against abnormal, nefarious behavior to include insider threats; and for cyber warriors, the Navy needs to embrace a senior government civilian technical track to retain our top cyber talent, he explained.
Powers said, “Not everyone desires to be senior managers. We need to find a way to retain our best senior cyber technical subject matter experts and allow them to promote to the senior government schedule pay grades without forcing them to be managers. If we don't, we will continue to train them for their mid-career transition into industry.”