Navy Commander Kevin Blenkhorn, a computer sciences professor at the U.S. Naval Academy, works with his Joint Services teammates during the U.S. Army’s ‘Cyber Center of Excellence’, Fort Gordon in Augusta, Ga., hosted a multi-service ‘NetWar’ to show, and build, cyber Warrior capabilities Tuesday, June 10. (Georgia Army National Guard photo by Staff Sgt. Tracy J. Smith)
WEST 2024 — The Navy’s next principal cyber advisor’s (PCA) biggest challenge will be bringing together different leaders under its service in order to foster a shared “responsibility for cybersecurity,” according to the current official in the role.
Speaking at a panel here, Scott St. Pierre, who has been the Navy’s PCA for three months after former PCA Chris Cleary’s departure, said that will entail bringing together the systems commands with the service’s “threat folks,” the threat personnel with operators and operators with systems commands.
“Those are the next steps that are going to be most challenging because … people are messy, right?” Pierre said. “Everybody’s like, ‘No, that’s mine. I don’t want to touch it.’ or ‘Hey, this isn’t really for you to worry about, I’m the operator.’ … What we really need to do is help everybody understand that we’re all in this together.
“Each and every one of us in this room today has a shared responsibility for cybersecurity… So at the end of the day, that’s really the greatest challenge that I face,” he added.
RELATED: With Ospreys grounded, Navy surges last squadron of legacy C-2A Greyhounds
Pierre, previously the director of Navy enterprise networks, will have a short stint in the job of principal cyber advisor, as he said that the service’s undersecretary has selected a PCA who will take over “in the next three weeks to six weeks.” Following the panel, Pierre declined to tell Breaking Defense who the next PCA is, but said his stint as PCA could be extended another 30 days.
Speaking on the same panel, Navy Chief Information Officer Jane Rathbun, who works closely with the PCA, said the service needs to get better at managing its data. Currently, the service doesn’t “really have tagging criteria or requirements for data,” she said, adding that the service has a “crapload of data.”
“And so how do we protect the data at the data layer?” Rathbun said. “How do we move that data where it needs to be securely? How do we know who’s accessing our data? … And then how do we know what device that data is being consumed off of?”
FULL COVERAGE: West 2024 Conference
To that point, the Navy will also have to start rethinking the relationship between risk and consequence of “loss of data security classification” when it comes to things like large language modeling, Rathbun added.
“Our future state has to be one where we’re more agile or more data level-focused about how to protect our data, secure our data and maneuver our data that doesn’t require us just to think about things in terms of [Top Secret], secret, [controlled unclassified information],” she said. “I will not be able to leverage any large language modeling if I can’t co-mingle that data.”
