Since the Navy Marine Corps Intranet was penetrated in fall 2013 by a foreign adversary, the Navy has successfully defeated every attack on its enterprise networks, said Vice Adm. Jan Tighe, commander of U.S. Fleet Cyber Command/U.S. TENTH Fleet.
The admiral explained that no intruder has been able to launch a successful cyber operation against Department of the Navy networks since her predecessor, Adm. Michael Rogers, led Operation Rolling Tide to clean out the infiltration.
Tighe explained what the Navy learned from Operation Rolling Tide to reporters May 6.
“You have to fight through. So, for example, if a network is compromised in 6th Fleet, the commander has to know the impact to the other operational commanders if the network is shut down or isolated. Admiral Rogers worked through this during Operation Rolling Tide. You mitigate the risk. If you shut down the network, you could shut down the Navy and have a worse effect than what an adversary would do. Now these types of scenarios permeate all our exercises — you have to fight through.
“Threats are evolving, just read the newspapers for the volume and veracity of criminals and for-profit threats to those who may not know they are probing a DoD network to commit identity theft because of the automation involved, to nation-states. It all matters because it is a threat to the mission so we have to immediately triage to determine what the threat is and maybe isolate the system by blocking attacks … maneuvering to defeat them and we may have to apply more analytic horsepower — again by putting all the options on the table in the event of a cyberattack. It really isn’t any different than applying military power or kinetic effects you have to assess the same way in determining the level of engagement, the collateral damage… It really is the maturation of the cyber mission. That is how we exercise with the maritime and combatant commanders — there are cyber aspects to any mission,” Tighe said.
Strategic Plan 2015-2020
To mark the five-year anniversary of the stand-up of FCC/10th Fleet, Tighe talked about the importance of the command’s newly released Strategic Plan 2015-2020 as a means to internally focus on its multifaceted mission, better organize resources and measure progress in each of the five pivotal, strategic goals to be achieved over the next five years.
Each of those five-year goals cites specific, verifiable outcomes that must be achieved in the next 18 months to ensure the command is on course, Tighe said.
The goals are:
-- Operate the Network as a Warfighting Platform.
-- Conduct Tailored Signals Intelligence.
-- Deliver Warfighting Effects Through Cyberspace.
-- Create Shared Cyber Situational Awareness.
-- Establish and Mature Navy’s Cyber Mission Forces.
Significantly, the strategic plan builds upon several policy documents that have been developed as the emergence of the cyber threat began to be recognized as a matter of national security, the admiral said.
These include the Department of Defense Cyber Strategy (April 2015); Department of Defense Cyberspace Workforce Strategy 2013; Secretary of Defense and Director of National Intelligence National Security Space Strategy (January 2011); and A Cooperative Strategy for 21st Century Seapower: Forward, Engaged, Ready (March 2015).
Five years ago, the stand-up of FCC/10th Fleet signified the Navy’s acknowledgement of cyber as a key warfighting pillar, critical to its mission sets. Cyberspace provides tailored signals intelligence, and assures critical Navy networks, communications, command and control and space operations.
To confront the cyber threat, the Defense Department established USCYBERCOM in 2009. In 2012, USCYBERCOM determined the need for a Cyber Mission Force (CMF) to complement existing defensive and cyber operational forces. The developing CMF consists of 133 manned, trained, and equipped elite cyber teams. Cyber Mission Forces are to include 60-person National Mission Teams, 40-person Cyber Protection Teams and 60-person Combat Mission Teams.
As Navy’s Service Cyber Component Commander to U.S. Cyber Command, FCC/10th Fleet is standing up 40 highly expert Cyber Mission Teams with a plan for the sustainability of these teams over time, according to the plan.
“We are about half-way through building [the] team. This doesn’t necessarily mean we hired new people, we could have assigned them to these billets, and then we are training to what skills are required. We are not having any problems with filling the billets or getting the workforce trained and on mission. More work needs to be done, but this is really about building capabilities and capacity in the Defense Department. We are articulating the skillsets for the people who are building the training packages and those who build the recruiting plans,” Tighe said.
“There were people we could apply to the teams right away and we trained them up and this has been foundational to building the remaining teams. But there is much more to be done in certifying the teams in the same way we certify crews and ships to train as a warfighting unit,” Tighe added.
Personnel are a mix of information warfare and information systems officers and enlisted cryptologic technicians, intelligence specialists and information systems technicians.
“This is a total force plan that includes active duty, Reserve and civilian — about one-third of the force is civilian because of their expertise in defending networks — and they are part of the operational force,” Tighe explained.
The five-year plan is flexible, the admiral said. “We see it evolving so that if a policy decision allows more offensive maneuvers we can adjust, our goals are 18-month goals which we purposely factored in so we could articulate how we are doing, and we are doing the hard work of getting the metrics for our mission set and building capacity and capabilities to give the nation and the combatant commanders options.
“Cyber rules of engagement (ROE) are defined by the Joint Chiefs of Staff with U.S. Cyber Command, and over time they may change. They are policy decisions, and 10th Fleet is an operational command. Yes, the rules of engagement may change, and we have to keep our eye on the ball, but we can’t be paralyzed by it,” Tighe said.
Task Force Cyber Awakening/CYBERSAFE
With Operation Rolling Tide came the realization that there is an afloat dependency on the networks ashore, the NMCI and C4I systems. The Chief of Naval Operations directed the stand-up of Task Force Cyber Awakening as a unified effort to look at DON IT systems holistically in response to cyber threats that run the gamut from an individual sophisticated hacker to rogue and nation-states.
Using the CYBERSAFE construct, the Navy will create a process for identifying and hardening business IT and warfighting networks and systems that extends through the entire life cycle — from development, acquisition, deployment, operation, sustainment and retirement.
“Task Force Cyber Awakening and CYBERSAFE are really about outcomes harnessing the power of all the resource sponsors and TYCOMs (Type Commanders) and reducing the attack surface to mitigate risk,” Tighe said. “Everything is connected in cyberspace — communications networks, weapons systems, hull, mechanical, and electrical (HM&E) — we have to make sure we are capable of operating and defending these systems.”
It is the responsibility of FCC/10th Fleet and its subordinate commands to prevent network intrusions, respond with a sense of urgency, detect if there is lateral movement in the network and make sure that: “We are not ceding territory to an adversary,” Tighe said.
“Historically, we didn’t have a way to prioritize and respond with a sense of urgency. Every day we face unknown threats, but we have to have a way to prioritize responses and our resources, and as we acquire new investments we need a baseline to measure our return on these investments and if they allow us to respond more quickly.
“You have to know your home field, your network... There are a lot of tools and technologies that are available today that are being piloted, tested and deployed in our system that will begin to improve my ability to see [intrusions], much less my ability to then respond,” Tighe said.
Warfighting Effects Provider
FCC/10th Fleet will deliver warfighting effects through cyberspace, Tighe said.
“Combatant commanders articulate their needs to me depending on where they might have gaps; or a response I can provide [through cyberspace] may be the only capability they may use. We make these decisions together and they are assessed the same way in all conflict situations. Is the response proportional? What are the collateral effects, and in the final phase, will the infrastructure have to be rebuilt — the same assessments considering all the warfighting domains.
“We start with their priorities and our ability to deliver capabilities to a team — valid military targeting packages — just as we do for kinetic packages… Our [other] operational commanders rely on our networks, communications systems, and SIGINT, and also employ our cyber warfare effects,” Tighe said.
There is an ongoing tension between the focus on the relentless daily attacks on department networks and looking ahead to the more strategic challenges of working with industry and academia, Tighe said.
“I rely on my subordinate commands for the day-to-day operations without being disconnected from them. I have to have both feet firmly in both camps being able to respond to operations as well as opportunities.”