Navy: Cyber resilience also means having a plan to operate without a network

snagfilms-a.akamaihd.netbarrett-c4conf2017-4646e751bf91f399c3b72543975382e434f17d43-1.jpg

Defending the Navy’s networks in cyberspace isn’t always about leveraging the latest innovative technology. Sometimes, it’s about knowing how to restore a system manually in the physical domain, according to Rear Adm. Danelle Barrett, director of the Navy Cyber Security Division in the Office of the Chief of Naval Operations.

“You’re never going to have an impenetrable network, that is a fool’s errand. You will have the ability to fight through the hurt, and that’s where we focus our effort in the Navy,” she said during a panel discussion at the annual C4 Conference on May 3. That ability will often require non-technical solutions.

“That involves making sure commanders – operational commanders – understand, what is our no-fail mission. Not our cyber mission, our no-fail mission,” such as missile defense or disaster relief, Barrett explained. “Then what’s the cyber key terrain that supports that mission and needs to be 100 percent reliable – or resilient in a way that you can operate through hurt.”

Once those areas are identified, a mature cyber support team should have plans in place for any eventuality, including total loss of the network. That also includes making sure commanders understand what resiliency should mean to them.

“It could mean, today, you don’t have your network, not for a couple hours during an exercise, but what if you don’t have any for a month? And you’ve built all your processes around being reliant on your data that way,” Barrett said. “How are you then employing processes that are not technology to work around that and get your no-fail mission done without your network?”

“By identifying our cyber key terrain we’re able to identify where to put our resources and where to put our highest levels of readiness to support those no-fail missions. For us in Navy, that’s been a big emphasis.”