Navy Cybersecurity Program Office supports HacktheMachine:Unmanned

A member of the Navy Cybersecurity Program Office (PMW 130) appears on the control room monitor during live broadcasting of the 2021 Hack the Machine: Unmanned cybersecurity challenge, designed to accelerate the U.S. Navy’s Unmanned Task Force. (US Navy/Rick Naystatt)

WASHINGTON — The Navy is still awaiting approval of its cyber strategy from the Defense Department, and while one service official anticipates it being released as soon as next month, that timeline isn’t set in stone — leaving it unclear as to when the service can go public with the document outlining it’s cyber vision. 

Chris Cleary, the Navy’s principal cyber advisor, told Breaking Defense on Tuesday that he anticipates DoD to release the service’s strategy in May. And while it’s hardly unusual for high-level strategies or documents to be delayed in the Pentagon, given the length of the review process and the department bureaucracy, the service’s strategy release is now almost two months behind its stated schedule.

The strategy will be a more detailed version of the two-page cyberspace superiority vision which was released last October. The Navy laid out three core principles — secure, survive and strike — that it would follow to improve its cyber posture in the superiority vision.

As for what’s in the upcoming cyber strategy, Cleary told Breaking Defense at the sidelines of the AFCEA Tech Summit on Tuesday that it’ll hit on things that are expected, like zero trust and workforce development, but also focus on things that haven’t traditionally been called out, like securing defense-critical infrastructure. 

“And the thing you will hear from me a little bit more aggressively moving forward is the whole defense critical infrastructure part of this discussion, because it maps directly back to the National Defense Strategy,” he said. “And I think what changes the dynamic now, is that before, and I mean, before, like 10 years…it’s been a little bit of a moving target, because we haven’t had these higher level strategies come out. 

“So you didn’t really know if you were making progress towards a particular commander’s” goals, he continued. “But now things like zero trust are the strategy, identity is the strategy, defense critical infrastructure, and its dependence is mapped back to National Defense Strategy.” 

In February, Cleary told reporters the strategy was “in a holding pattern” until broader OSD-level strategies were released, which also gave the service a bit more time to ensure the document aligned with the National Defense Strategy. At the time, he said the cyber strategy would be released within the next month “or so,” which would’ve been March.

At that time he also said that as part of securing its defense critical infrastructure, the service will be continuing to mature some key prototype programs that are focused on that particular area. He added that the Navy in particular was the “lead dog” in the effort to secure defense critical infrastructure.

“I work very closely with the other principal cyber advisors,” he said February 14. “We have now taken it upon ourselves to be, again, sort of the lead advocates for how we’re going to get after deploying defense critical infrastructure security within the departments.”