A year-old task force that has been conducting a holistic and enterprise-wide review of how the Navy organizes, resources and better positions itself for its cyber security needs shortly plans to recommend that it become part of the service’s permanent organizational structure, the official that leads the effort on a daily basis said in a recent interview.
The task force will report to the Navy’s senior leadership on its findings and achievements and “highlight areas of organizational change and cultural shift that we’re looking for” and recommend that “these are the things we need to organize around in this new environment [and] that they can’t be underneath the construct of a task force, that it needs to be part of our organizational structure formally,” Matt Swartz, director of the Communications and Networks Division within the Office of the Deputy Chief of Naval Operations for Information Dominance, told sister publication Defense Daily in an Aug. 13 telephone interview. Swartz said the recommended organizational construct should be ready in a “couple of weeks.”
Swartz expects that after the recommendation is made the task force will “most likely stand down” and the Navy will “stand up an enduring organization that will take on these roles into perpetuity and is something that we manage going forward that is just normal operations and daily business.”
Task Force Cyber Awakening stood up last summer and is “tasked to deliver fundamental change to Navy’s organization, resourcing, acquisition and readiness by extending our cybersecurity apparatus beyond traditional IT to our combat systems, combat support and other information systems while aligning and strengthening authority and accountability,” the office of the Deputy CNO for Information Dominance said a Dec. 2014 article in CHIPS, the Navy’s information technology magazine.
Vice Adm. Ted Branch, the deputy CNO for Information Dominance, established TFCA at the direction of the CNO. Swartz said TFCA has had sustained backing from the service’s senior leadership.
Swartz said that TFCA has had “constant dialogue” at the three- and four-star level within the CNO and Vice CNO chains of command and it also been working with the service’s acquisition community.
“I think that’s been a large part of our success is the level of commitment they provided to us,” Swartz said.
Last November, TFCA made good on its first deliverable, a cyber resiliency plan, which the Navy is using to help prioritize its investments, Swartz said. The plan will continue to be worked on, he also said.
The resiliency plan was put together by reaching out across the Navy enterprise to review the various cybersecurity assessments that were ongoing, as well as related recommendations, collect these and then work across the Navy “to prioritize what things to do first wand where to focus our initial investments out of the chute,” Swartz said. The Navy has been executing against these priorities since FY ’14, he said.
In addition to working across the Navy, Swartz said that TFCA also reached out to industry, academia and other Defense Department components on the resiliency plan.
The resiliency plan helps with the development of the next deliverable under TFCA, the Cybersafe program, which has achieved initial operating capability. Cybersafe essentially is making sure the specifications, standards, training, procedures and in some cases materiel solutions are in place so that critical mission capabilities across the enterprise have resiliency built in.
“We’re taking a couple of selected systems through that process now,” Swartz said. “As we get through this initial look in taking these systems through this process, in the near future we will be able to determine for those specific programs are there materiel things that we need to enhance, are their training things that we need to enhance, or are there procedural things that we need to enhance within that program of record to make it cybersafe, and that is meeting the standards as defined by our chief engineers.”
The final and pending deliverable of TFCA is the implementation plan and organizational construct for overall Navy cyber security that Swartz and his team will soon brief senior leaders on.