- Reaction score
- 3,796
- Points
- 1,160
http://breakingdefense.com/2016/02/navy-issues-new-cybersecurity-standards-with-more-to-come/
The article link explains the swimming lanes (about 98 of them) for a new and comprehensive cyber security plan, with hundreds of protocols "thou shalt follow".
These are excellent and forward thinking, and they will impact the standards of other navies which view themselves as sub components of US battle groups.
Now, we all know that cybersecurity is rightfully a hot topic item today, and cyber warfare is a genuine, real time risk. Our EW teams have been practising it for years in the M2M space (jamming being the most obvious example of DoS), but what these new USN standards set out is more than a best practice/rule book. It sets out requirements for the way for systems to "behave" and logical security software protocols by inference. The implication is a major capital and operational spend and and extension, entities like the RCN will adopt or be seen as a cybersecurity vulnerability. This is a project that will eventually run in to the 10's of billions for the USN.
I would expect RCN to quickly follow suit, and there will not be time to wait until the next class of ships etc.
Not getting into opsec or comsec, but we a know this new USN initiative will be, and is intended to be, disruptive and tightly managed, strictly enforced. I think the policy as a whole is needed and overdue. It will also require continuous refinement to adapt quickly to evolving threats. It will not be an option to just shut everything down and go silent, the idea is to anticipate, prevent, mitigate and counter, all without losing control of the essentials of the electronic spectrum.
Much to be written here in the coming months and years. The Canadian government is going to have to pay up and implement near identical policies and spend on defensive and offensive EW and IW systems and capabilities for th RCN. And, they need to recruit the talent, which means competing in a labour pool that already a has a projected gap of more than 3 million people in private industry.
The article link explains the swimming lanes (about 98 of them) for a new and comprehensive cyber security plan, with hundreds of protocols "thou shalt follow".
These are excellent and forward thinking, and they will impact the standards of other navies which view themselves as sub components of US battle groups.
Now, we all know that cybersecurity is rightfully a hot topic item today, and cyber warfare is a genuine, real time risk. Our EW teams have been practising it for years in the M2M space (jamming being the most obvious example of DoS), but what these new USN standards set out is more than a best practice/rule book. It sets out requirements for the way for systems to "behave" and logical security software protocols by inference. The implication is a major capital and operational spend and and extension, entities like the RCN will adopt or be seen as a cybersecurity vulnerability. This is a project that will eventually run in to the 10's of billions for the USN.
I would expect RCN to quickly follow suit, and there will not be time to wait until the next class of ships etc.
Not getting into opsec or comsec, but we a know this new USN initiative will be, and is intended to be, disruptive and tightly managed, strictly enforced. I think the policy as a whole is needed and overdue. It will also require continuous refinement to adapt quickly to evolving threats. It will not be an option to just shut everything down and go silent, the idea is to anticipate, prevent, mitigate and counter, all without losing control of the essentials of the electronic spectrum.
Much to be written here in the coming months and years. The Canadian government is going to have to pay up and implement near identical policies and spend on defensive and offensive EW and IW systems and capabilities for th RCN. And, they need to recruit the talent, which means competing in a labour pool that already a has a projected gap of more than 3 million people in private industry.
