Changing Infosec Culture in the Navy
The Navy, like other branches of the armed services, is among the most innovative users of information and computer security technologies. But is its culture keeping up with technological changes? Navy CIO Robert Carey thinks the service branch is trying, but can do a better job in making those cultural changes.
Carey, in his most recent blog, writes:
"In order to be successful in the Information Age, we must change some of our processes and our culture to provide our warriors the information tools necessary to secure our nation and achieve and information advantage."
Carey discusses in the blog Naval Networking Environment (NNE) 2016, an initiative, in Carey's words, "to integrate network architectures across afloat and ashore." When NNE is fully implemented sailors, Marines and other Navy personnel will have access to specifically tailored information anywhere along the global information grid. NNE is driven by imperatives such as the ability to fight upon arrival with assured information management and communications; achievement of a more holistic command, control, communications, computers, intelligence, surveillance and reconnaissance approach secure information sharing; and a realized identity management schema that allows for role-based access to information, as well as attribute-based access control, he says, adding that it also requires a shift in information culture.
To do so, Carey writes, the Navy must change its ways in three key areas to be able to succeed in Information Age warfare: decision agility, budget process and acquisition process.
On decision agility, he writes:
"We must be able to make decisions in near real time and adjust our network security within months not years. Information technology-based opportunities will require "in-execution year" decisions. We must achieve unity of command/effort and governance to ensure that decisions are made and enforced rapidly across the enterprise."
On budget process:
"Today's process is inconsistent with Moore's Law and the effects of the Information Age. Our present PMO (Program Objective Memorandum) cycle, while excellent for the acquisition of ships, tanks and planes, does not support nascent information technology changes in the 21st century."
On acquisition process:
"Like our budget process, today's acquisition processes best support the acquisition of aircraft and ships but do not support information technology cycle times and the realities of the cyber threats we face. The Federal Acquisition Regulation/Defense Federal Acquisition Regulation and Department of Defense 5000 series of acquisition policies all allow for tailoring, but have we done so?"
Carey concludes by saying the Naval Networking Environment is the Navy's way to work each facet of the problem in an integrated way to drive success.