Lt. Christian Asaban views a computer monitor aboard the forward-deployed Arleigh Burke-class guided-missile destroyer USS Fitzgerald (DDG 62) during Multisail 17. (U.S. Navy photo by Mass Communication Specialist 2nd Class William McCann/Released)
WEST 2023 — The Navy plans to release a new cyber strategy within the next month “or so” after ensuring the service’s cyber priorities align with the Pentagon’s broader goals, the service’s principal cyber advisor told reporters today.
The strategy will be a longer, more detailed version of the two-page Navy Cyberspace Superiority Vision, which was released last October. The document listed three core principles — secure, survive and strike — that the service will follow to improve its cyber posture.
Speaking to reporters at the AFCEA WEST conference, Chris Cleary, the Navy’s principal cyber advisor, said the more detailed strategy had been drafted months ago but is “in a holding pattern” so the service could wait until broader Defense Department-level strategies were out, including the Pentagon’s own cyber strategy, in order to ensure the Navy’s strategy aligns with them.
“So as these other strategies have dropped, most notably the National Defense Strategy… [it] talks about this idea of integrated deterrence,” Cleary said. “Deterrence through denial, deterrence through resiliency, deterrence through imposing cost. I think I caught a break because that sounds a lot like secure, survive, strike.
“But when I look at those three overarching premises, well, then it’s my job to ensure the secretary is working to align to those three things… I think we are aligning to exactly what the National Defense Strategy is calling for, but more importantly, this idea of resilience when we talk about the way that we’re going to fight for operational technology, defense critical infrastructure in particular,” he continued.
That last bit, the defense critical infrastructure, he said, as “always been on the list” but is now a “core pillar of our National Defense Strategy.
As part of improving securing defense critical infrastructure, the Navy will also be working to “continue to mature” some of its key prototype programs focused on that area, including the More Situational Awareness for Industrial Control Systems (MOSAICS) and the Situational Awareness, Boundary Enforcement and Response prototypes.
Cleary said the Navy has been the “lead dog” in the effort to secure defense critical infrastructure.
“I work very closely with the other principal cyber advisors,” he said. “We have now taken it upon ourselves to be, again, sort of the lead advocates for how we’re going to get after deploying defense critical infrastructure security within the departments. And what I’ve been trying to do very aggressively is to get the services to proverbially slap the table and say, you know, we’ve all used the MOSAIC language… can we agree MOSAICS is the way we’re going to proceed so we’re not chasing the next good idea fairy, right?”
Following the release of the more detailed 10-page strategy, which Cleary said will be “in a month or so” and will outline seven lines of effort, the Navy and Marine Corps will release accompanying implementation strategies.
