SAN DIEGO, Calif. — The military services must deliver information and data to warfighters, from fleet commanders to pilots, that’s timely, accurate, secure and not compromised by the growing threats from network intruders and attacks, the Navy’s top cyber official told a San Diego defense conference.
“It’s about assured C2 (command and control). It’s about giving tactical operators the assurance that the data that they are looking at — whether it’s on a computer screen or the cockpit of a Super Hornet — is data that they can trust,” Vice Adm. Michael M. Gilday, commander of Fleet Cyber Command and 10th Fleet, said in a session with a WEST 2017 conference audience.
“If you are in a cockpit, you can be assured that the track that you are going to shoot at is the track you want to shoot at. It’s the same thing for a fleet commander,’ Gilday said. “He has to be assured that the orders he is putting out to the force have not been tampered with.”
“Network defense remains our number one priority,” he said. “It’s more important than offensive cyber.”
“Our aspiration is assured C2 in a communications-denied environment,” he added.
The goal is to push out analytics “to the tactical edge” and report back to higher headquarters to provide a better cyber COP, or common operating picture, and cyber situational awareness, “which we lack right now,” Gilday said.
The Navy is on track with building its Cyber Protection Teams and other cyber forces over the next few years that provide passive and active defense, along the perimeter and at the core of cyber networks. Cyber defense is a 24/7 mission. “Our optempo is a constant 24/7/365,” Gilday said. “We are always on mission.”
The Navy retains seven of its 40 Cyber Protection Teams, half which are poised for cyber defense missions while the other half for cyber offense capabilities. They are among the 113 teams that are being formed across the military services. So far, 26 Navy CPTs have reached full operating capability (FOC), and the rest will be fully capable by summer, a year earlier than planned, Gilday said.
Already, the Navy has enlisted its 40 teams to support cyber missions to some degree after Fleet Cyber equipped them with initial kits that will be refined and standardized once an ongoing assessment is completed. “The initial push was, get them on a mission,” he said.
Much work remains, however, in the critical need to track activity and identify intruders in the network and also determine their intents and impacts. “We’re still challenged with that insider threat,” Gilday said. Attacks on networks move very rapidly, which make it harder to identify threats and respond before damage is done. Offensive cyber “will always have the tactical advantage,” he later said.
The cheap availability and rapid evolution of malware, especially those that are stealthy and lethal, aren’t making defenses easy. “I need better tools than the adversaries have,” Gilday told a panel audience later in the afternoon.
That might include artificial intelligence.
The service is looking at A.I. capabilities to defend the network, help block and fight potential intruders and analyze the “near-second turn” on critical information that warfighters need. “We’ve seen that the adversary moves very, very quickly,” Gilday said. Cyber Command is piloting with theSpace and Naval Warfare Systems Command to take a deeper look at its network architecture through various AI subsets “so we can detect that insider threat,” he said. “We need to do better.”
“The degree of automation in offensive cyber is spiraling,” Gilday said, and that’s making defending networks more challenging. “Artificial intelligence is where we need to go, and where we need to make an even bigger investment.”
One of SPAWAR’s top priorities is bolstering the Navy’s information technology infrastructure, the SPAWAR chief told the conference. That means upgrading systems and incorporating stronger defenses to help identify cyber intrusions, protect networks, defeat the threats and respond to those threats when needed.
“Industry has gone that way. We are going that way,” Rear Adm. David H. Lewis, Space and Naval Warfare Systems Command, said in a morning session. “We don’t make the assumption that our insides are clean.”
Lewis equated some network attacks as “smash and grab” burglaries, intrusions that can cripple networks and compromise data and leave sometimes obvious clues or fingerprints as to the source of the crime. But it’s not always the case, though, and sometimes an attack is much of a mystery as it is a mess.
“Our adversaries don’t… want us to know that they were there.”
