By Geoff Fein
The variety of platforms combined with the varying ages of network systems pose a number of challenges for the Navy as it attempts to come up with a common level of security, according to a senior Navy official.
What first needs to be understood is that there are no silver bullets behind any of this, Vice Adm. H. Denby Starling, commander network warfare command (NETWARCOM), told Defense Daily in a recent interview.
The network structure the Navy has in place today grew up over the past 15 or more years, Starling said. “We just didn’t go out and buy it the last couple of years.”
“We have a number of networks, some relatively new, some relatively old, but they all need to be secure,” he added. “The first real challenge, when you try to look at it holistically, is how do you round these things up and get them up to a common level of security that you are comfortable with?”
The Navy operates in very challenging environments–covering every domain. It has networks on surface ships, large networks ashore, networks in the air and networks that operate in and through space, Starling said. “And none of our ships drive around dragging a T-1 cable behind them. So there are unique challenges to doing this.”
First, there is the technology piece, he noted.
“As we build new networks, we have to make sure they are as technologically secure as we can make them,” Starling said. “But the other part is, as technology moves ahead, we have to make sure our older networks, some of which have been around fairly lengthy periods of time…we have to continue to keep them secure as well.”
Unlike an airplane or ship that can continue to operate until it reaches its fatigue life, a network is never stable and the threat is never stable and the threat is always advancing, he added.
“So you have to ensure that the technology piece is acceptable across all of your networks not just with the newest ones that you are buying,” Starling said. “That can be a real challenge because as you have invested in something and it starts to get old, nearing the end of its life, still useful to you but often times there can be reluctance to make large investments in old systems. So you have to make that call, do you want to buy something new altogether, or do you want to pay to upgrade your old stuff?”
The other part of securing networks and every bit as important as the technology is, are the people who operate the systems, according to Starling. In particularl, the Navy’s unclassified networks.
The unclassified networks operate over the Internet. And they use the Internet as part of the service’s day-to-day business, he added.
“The people who operate our systems have to be smart on how they do that and they have to understand the rules of the game, every time they sit down at the computer,” Starling said.
“I always like to look at the computer problem much like the force protection problem. All of your folks have to have a certain awareness of what the rules are for force protection,” he added. “The same thing is true when an office worker sits down at a computer and that doesn’t matter if it’s a secretary at a desk, or an engineer at a systems command, or a sailor sitting down at a computer at a command center. If it’s on an unclassified system, it all touches the Internet and you have to be smart on how you operate those things.
That brings with it a training and awareness responsibility, which is also part of what NETWARCOM does, Starling said.
“There is a technology aspect to have a secure network and there is a personnel and a training aspect to having a secure network. Both of those are critical,” he noted.
The average sailor coming into the Navy today is incredibly computer savvy, Starling said. They show up really knowing how to use a computer from the operator point of view. “That’s a very good thing in that we don’t have to teach them the basic skills, and it makes it easy to teach them the tactical sides as well.”
“But I would say the other side of it is, depending upon where they come from, they have gotten very used to operating in an environment that is very open and very public,” he said. “Particularly, kids coming out of college where the environment tends to be very open and privacy concerns may be less. We have to make sure that when they operate on a government computer they have a responsibility to protect not just classified information but official use only information and any information that we call PII–personally identifiable information.”
Young sailors are going to have to understand that maybe they can’t be as open, spend as much time browsing around as many places on the World Wide Web., they might be comfortable doing if they were sitting at home on their own computer, Starling said.
“We don’t put a lot of restrictions on what folks can do, but there are just good basic user rules and user sense. If you were to pull down a list of things you should do with your home computer–keep your virus scan software up to date, make sure you are careful [when you] open e-mail from people you don’t recognize–all of the sort of basic things you do on your home computer, frankly, much of that translates to your work here in the Navy,” he explained.
But it’s tremendously important personnel are more sensitive to that, he added.
“You don’t want to open phishing e-mails that somebody may be sending to you for the particular purpose of capturing…trying to capture your computer,” Starling said. “We want people to be aware of the threat. The average home user probably doesn’t get as much threat training on the computer as we like to give our folks. We just like to make sure they understand that not everybody who sends you an e-mail is your friend, and there are a lot of folks out there that operate in the same Internet battle space you operate that may not have your best interest in mind.”
Citing the risks involved with using social networking sites, in particular because of the potential for divulging information that could prove beneficial to adversaries, the Marine Corps put in place an immediate one-year ban prohibiting service personnel accessing the popular websites through the Marine Corps’ network.
Starling said the phenomenon of social networks is something the Navy is interested in.
At a Pentagon press briefing in June, Adm. Mike Mullen, Chairman of the Joint Chiefs of Staff, told reporters he uses some of the social networks (Defense Daily, June 22).
“There is great power in the use of social networks. Folks way up in government…the Chairman is using some of these tools. I know that some of our senior enlisted are using some of these tools. and our sailors come in already being comfortable using these. They can be very effective ways to communicate,” Starling said.
“But there is risk involved with anything we do on the open Internet. Over the course of years, as hackers and others have become more and more sophisticated, they learn how to use the same tools that we use…as tools in their favor,” he added. “People learn how to do attacks through web browsers, they learn how to do attacks through very commonly used applications. While they are very powerful, they carry a level of risk.”
As social networking sites proliferate, the Navy wants to figure out how to use them smartly, Starling said, while at the same time working to understand what if any precautions the service needs to taker. “Certainly, it’s an area we are paying a lot of attention to.”