WASHINGTON (NNS) — Vice Admiral Jan E. Tighe, commander, U.S. Fleet Cyber Command/U.S. 10th Fleet, has said the Navy must "operate the network as a warfighting platform."
Like a warfighting platform or weapons system, the Navy's network must be fully operational when needed, which means it must be well-defended and resilient.
There are other ways the network is like a weapons system, though.
The configuration of our combat systems is strictly controlled so operators can't change it because unauthorized modifications could jeopardize these systems. Navy networks may be easier to modify but the principle that applies to weapons systems also applies to the network: Don't make unauthorized changes to it.
This means not plugging in unauthorized devices, such as thumb drives and cell phones, because they may unknowingly contain bad software that can allow intruders inside the Navy's network. Not making changes to the network also means not loading unauthorized software because it could contain malicious code that weakens the Navy's defenses.
Operators are trained before being allowed to operate our combat systems. Training needed to use the Navy's networks is much less detailed but the concept is the same — operators need to follow the principles covered in the training required for network access. Following Navy computer policy and best practices as described in the October 29 article "What All Hands Need to Do to Protect Against Cyber Threats" will also help defend our networks:
- Always verify the source of emails and the links in emails
- Don't open suspicious links in emails, tweets, posts, messages or suspicious attachments
- Don't connect unauthorized devices to Navy networks
- Remove your CAC or lock your computer when not using it
- Use strong passwords
- Safeguard your personally identifiable information (PII) so adversaries can't use this information to trick you into surrendering data they need to breach our networks and systems
- Don't use peer-to-peer file sharing programs
- Stay on known and good websites
- Don't use Navy systems in unauthorized ways
Like weapons systems, unsafe actions on the network, like loading unauthorized software or plugging a thumb drive into a computer, should be promptly reported to keep malicious software from compromising the Navy's networks and systems. Because safety is a top priority for those operating and maintaining weapons systems, safety violations must be promptly reported. Similarly, there are dangers associated with operating Navy networks and systems because user actions can jeopardize operations.
A mistake by one weapons system operator can put the entire crew at risk. Because Navy systems are so interconnected, a successful cyber-intrusion anywhere in the Navy increases the risk that adversaries can move to other targets on the network. Therefore, like weapons systems, a mistake by one network user puts everyone and the mission at risk.
The parallels between weapons systems and the network apply to leaders and the cyber workforce too. Like those who maintain weapons systems, the cyber workforce should be well-trained, tested, and required to maintain the right level of proficiency. Operating procedures should be well-documented, current, and enforced. Cyber specialists should also strictly comply with directives and policies and report compliance. Leaders are responsible for the readiness of their weapons systems. Likewise, they are also responsible for the readiness of the Navy's systems and networks.
Adhering to cybersecurity policies, directives, and best practices is commanders' business and requires an All Hands approach to protect the Navy and the mission. Your commitment to cybersecurity will protect the Navy and help us win the cyber fight.
Please refer to the Acceptable Use Policy for DON IT Resources to understand standards when using Department of the Navy information technology resources for official and authorized unofficial purposes.