Vice Adm. Tom Moore has listed “cyber” as a top priority for Naval Sea Systems Command (NAVSEA) since assuming command four years ago, but despite the emphasis, the organization hadn’t found a way to define and pursue cyber and digital issues in any kind of unified way.
Even after nudging from former Chief of Naval Operations Adm. John Richardson to get after digital transformation, Moore found that NAVSEA’s chief information office was handling shipboard network issues one way, program executive offices were working on their own software packages and cyber defenses for combat systems and radars, and NAVSEA’s naval systems engineering directorate (SEA 05) was doing its own pilot programs with digital twins and data analytics.
“We had all this going on and it was a series of pilots. And so last year as I surveyed the landscape, I was happy that we had made some progress, but it became pretty clear to me that there wasn’t one single accountable person for this,” Moore told USNI News in a May 20 phone interview.
“Some of that was okay initially because I think we needed to start with a lot of pilot projects because we didn’t know what we wanted, and so we just kind of let people run off and work on stuff. But it was pretty clear that the organization we had was never going to eventually pull all of this together, and I needed one single accountable person to do that.”
In mid-April, Moore announced the standup of a Cyber Engineering and Digital Transformation Directorate (SEA 03) that would be led by Rear Adm. Huan Nguyen, a Navy Reserve admiral with extensive experience in cyber, electronics and data both in the military and in industry.
“The first step in establishing this new organization was to merge our CIO shop (SEA-00I) into SEA-03 with the intent of transforming our traditional IT mission to a new and improved service delivery. This is a necessary step to moving out on digital business initiatives,” Moore wrote in an email to the NAVSEA staff.
“The next step will be to evaluate key cyber and digital initiatives across the NAVSEA Enterprise and make recommendation for further organizational alignments. It will involve strategic changes in how we do business in order to meet the challenges of the changing digital environment and unity of effort for NAVSEA cyber acquisition and digital engineering. We will keep you posted as we implement these strategic changes.”
Though the Naval Information Warfare Systems Command (NAVWAR) handles cybersecurity for shipboard networks and communications tools, NAVSEA has the technical authority for cyber on everything else on a ship: hull, mechanical and electrical systems, radars, sonars, combat systems and anything else that sailors use to sail and fight their ship.
“We own cybersecurity, cyber robustness and the ability to operate in a cyber environment for everything on the ship,” Moore said.
“And so the PEOs are out there building ships. Every company in the world today has a boutique solution for how they protect their network, their radar – there’s a constant parade at my door of people coming in and saying, I can help you with this. What we didn’t have was a common approach for how we were going to get this done, and so I think on the cyber side of the house, first and foremost, it was, how do we get after a common set of tools to go on the ship that provide cyber detection, protection if you will, to pace the threat that was out there today? And then how do we make sure we’re designing systems so that they’re cyber-hardened to face the threats of the future?”
That’s where Nguyen and his new staff will come in.
In an ever-changing environment, he said, his new directorate has been empowered to eliminate duplication of effort, provide guidance on cyber and digital issues, and elevate cybersecurity to the forefront to ensure that all ships are able and ready to detect, defend and recover from attacks, he said during the interview.
Nguyen said the key to this is to take advantage of expertise already in the Navy by collaborating with warfare centers, U.S. 10th Fleet, the Department of the Navy Chief Information Officer (DON CIO), the deputy chief of naval operations for information warfare (OPNAV N2/N6) and others who are already experts in these fields. Though his new job, Nguyen said he’d have good insight into all of NAVSEA’s cyber and digital efforts so he can serve as a bellybutton for others looking to collaborate.
He said the current COVID-19 pandemic has forced digital-focused offices to come together to find solutions, and “there’s an unprecedented level of cooperation and collaboration between these organizations and us,” which he called “the blueprint for how we move forward in the future within the Navy.”
Moore said one important function of this new directorate would be to help push out fixes as cyber vulnerabilities are discovered. Whereas Apple can just automatically push out patches to all iPhones, Moore said, it’s a little more complicated than that when it comes to reaching all the systems on all the Navy’s ships and submarines in various stages of deployments, training and maintenance availabilities.
SEA 03 will help oversee this effort, not only ensuring that vulnerabilities are discovered and patches are written but also maintaining a database of all the ships and all their gear and making sure that all applicable systems ultimately install any updates they need.
Nguyen said that, beyond cybersecurity – both for ships already in the fleet, as well as working with program managers designing and building new ships and unmanned vessels – the digital transformation side of his portfolio had some interesting opportunities as well. He said the office could contribute to improved on-time and on-cost delivery of ships through new digital tools, standardization of how work is done across the enterprise, and speeding up the fielding of new capabilities compared to traditional processes.
Early efforts by SEA 03 include a conditions-based maintenance tool that SEA 05 had been working on, that would take data from HM&E equipment and help identify needed corrective maintenance actions early. Nguyen said there was also a cyber readiness dashboard effort underway to show the NAVSEA commander the status of fielded systems, including which ones were approaching the end of their three-year authority to operate (ATO), part of the Navy’s effort to ensure that only cyber-secure systems are still being used in the field.
Related is a “RMF in a Box” project Nguyen described, related to the risk management framework (RMF) five-step process to certify that a combat system, HM&E system or other item can be safely installed and operated on a ship in a cyber environment.
Moore explained that he as NAVSEA commander has to re-certify every system every three years, and that thousands of systems end up operating under interim approvals because they can’t get through the process in a timely manner.
He called the system, overseen by 10th Fleet, “unwieldy at times and cumbersome at times because of the amount of work you have to go through, and they’ve done a lot of really good work, [Nguyen’s] team, as to how to streamline the system but do it in a way that doesn’t remove any of the rigor that’s necessary to get a system to a final [authority to operate].”
Moore added that this initiative, in particular, is of interest to current Chief of Naval Operations Adm. Mike Gilday, a former 10th Fleet commander.
“When your boss knows more about the issue than you do, that’s always a challenge – but Adm. Gilday, he is a cyber expert, and he lived it at 10th Fleet, and so he’s really made this a point of emphasis,” Moore said, noting the ultimate goal of the project is to reduce the number of systems operating with interim approvals and to make it easier to bring new systems online and get them certified for use.
Nguyen said SEA 03’s mission was to “deliver combat power to the fleet through enterprise digital capabilities, infrastructure for cyber-secure digital work and innovation, and enhanced enterprise user’s experience.” This work falls into nine main categories:
- Engineer, secure, and defend the cyber and digital ecosystem
- Execute the business of cyber and digital
- Design, deliver, and sustain the cyber and digital ecosystem
- Execute digital work and decision-making
- Manage cyber and digital skills
- Deliver digital data effectively
- Develop the digital architecture
- Promote and enable digital innovation
- Implement model-based systems engineering