Forums => Navy General => Topic started by: Cloud Cover on February 26, 2016, 10:51:52

Title: Navy Cyber Security Plan (USN wil impact RCN)
Post by: Cloud Cover on February 26, 2016, 10:51:52‎

The article link explains the swimming lanes (about 98 of them) for a new and comprehensive cyber security plan, with hundreds of protocols "thou shalt follow". 
These are excellent and forward thinking, and they will impact the standards of other navies which view themselves as sub components of US battle groups.
Now, we all know that cybersecurity is rightfully a hot topic item today, and cyber warfare is a genuine, real time risk. Our EW teams have been practising it for years in the M2M space (jamming being the most obvious example of DoS), but what these new USN standards set out is more than a best practice/rule book. It sets out requirements for the way for systems to "behave" and logical security software protocols by inference. The implication is a major capital and operational spend and and extension, entities like the RCN will adopt or be seen as a cybersecurity vulnerability. This is a project that will eventually run in to the 10's of billions for the USN.
I would expect RCN to quickly follow suit, and there will not be time to wait until the next class of ships etc.

Not getting into opsec or comsec, but we a know this new USN initiative will be, and is intended to be, disruptive and tightly managed, strictly enforced. I think the policy as a whole is needed and overdue. It will also require continuous refinement to adapt quickly to evolving threats. It will not be an option to just shut everything down and go silent, the idea is to anticipate, prevent, mitigate and counter, all without losing control of the essentials of the electronic spectrum.

Much to be written here in the coming months and years. The Canadian government is going to have to pay up and implement near identical policies and spend on defensive and offensive EW and IW systems and capabilities for th RCN. And, they need to recruit the talent, which means competing in a labour pool that already a has a projected gap of more than 3 million people in private industry.

Title: Re: Navy Cyber Security Plan (USN wil impact RCN)
Post by: Mike5 on February 29, 2016, 10:45:53
Good link, thanks.  The articles talks about "970 controls".  Does anyone know if the USN has published the control statements?
Title: Re: Navy Cyber Security Plan (USN wil impact RCN)
Post by: Cloud Cover on February 29, 2016, 14:21:01
I'm going down to an Old Crows event in a few weeks. Should know more then. There is a lot of concern about the apparent 'non-rigid' enforceability of this. It is not enough to say "we will orient" this way or that, "depending on circumstances".  Every computing system or device, whether weapons or non-weapons related, fixed, or airborne or seaborne, classified or unclass, protected, hardened or off the shelf, is a potential vulnerability that increases by orders of magnitude depending on state and connection.   

There has been so much new equipment added to inventory that is equipped with autonomous links for everything from status reporting to maintenance logs, it is difficult to even inventory what data is being transmitted upstream, to where, and why. Even more worrying is the inbound data .... a lot of DPI tests conducted lately are resulting in some very surprising WTF moments.