Naval Intelligence Director: Navy Must Learn to Fight Through Cyber-Attacks

September 14, 2017 7:29 PM
Lt. Jesse Packard checks information on a computer in the combat information center aboard the San Antonio-class amphibious transport dock ship USS Mesa Verde (LPD-19). US Navy Photo

Cyber-attacks will happen and so developing a means to isolate intrusions at sea and keep moving is imperative, said the Navy’s top intelligence officer.

Now, once security experts detect a cyber-attack, the typical response is shut down all systems and then scrub them for malicious code or software, said Vice Adm. Jan Tighe, Deputy Chief of Naval Operations, Information Warfare/Director of Naval Intelligence. Tighe was speaking Thursday about the Navy’s preparations for cyber-attacks during an event sponsored by the U.S. Naval Institute at the Washington D.C.-based Center for Strategic and International Studies.

“[At sea]you can’t shut down the propulsion, and the navigation system and the communication system while you clean up,” she said.
“That’s not going to work.”

As the Navy designs ships of the future, such as current discussions about a new class of frigate, Tighe said the systems architecture should be designed to isolate problems without shutting down the entire ship. The Navy must develop new standards to be used when identifying potential cyber-attacks and incorporate these standards into ship design.

Following a 2013 cyber-attack on Navy computer systems by Iran, the Navy sought to develop better strategies for mitigating such events. Following the fix — Operation Rolling Tide — Tighe said cyber security experts in the Department of Defense started looking at cyber-attacks differently.

The advice at the time was shut down the entirety of the Navy and Marine Corps internet access until the intrusion was cleaned up. With more than 300,00 accounts, Tighe said that was unrealistic. The business of the Navy would stop.

“That was a sea change for the cyber security community in the Department of Defense,” Tighe said.
“Your response can’t be you’re just going to shut it down and clean it up.”

Instead, a new focus was put on identifying critical components and keeping a cyber intrusion from spreading throughout a network and infiltrating much more than the point of entry. The goal, she said, is limit damage while fighting through an attack.

“It’s the same thing you do if a ship had an explosion, you’ve seen it with the Fitzgerald and McCain,” Tighe said. “How do you fight through the water intruding into the skin of a ship. You begin to batten down the hatches and isolate the intrusion. You continue to fight through.”

The problem, Tighe said, is getting industry to catch up to this desire to protect such things as a ship’s propulsion plant. She wants more resources dedicated to creating a way the Navy to detect when a ship’s electronic components are operating in an erratic manner and when something like the propulsion system is under a cyber-attack.

“There’s not nearly the amount of work going into securing physical devices that connect to a network,” she said “Our cyber security tools that we look at for the traditional I.T. networks do not work inside of the control systems. We need that innovation and development to continue to grow and then I got to be able to get it on the ships.”

Ben Werner

Ben Werner

Ben Werner is a staff writer for USNI News. He has worked as a freelance writer in Busan, South Korea, and as a staff writer covering education and publicly traded companies for The Virginian-Pilot in Norfolk, Va., The State newspaper in Columbia, S.C., Savannah Morning News in Savannah, Ga., and Baltimore Business Journal. He earned a bachelor’s degree from the University of Maryland and a master’s degree from New York University.

Get USNI News updates delivered to your inbox