After two years, the Navy has developed their “Cyber Strategy Prioritizes Threats.” The Navy’s strategy is a “five year strategy from U.S. Fleet Cyber Command to understand how successful we are in prioritizing the most important threats that are coming at us and being able to respond with a sense of urgency.”
The article goes on to say that Vice Admiral Jan Tighe, head of the Navy’s 10th Fleet or Navy Fleet Cyber Command wants what any head of a large enterprise would: awareness of network vulnerabilities. But the unique vastness of the networks she is charged with defending — the Navy Marine Corps Intranet is one of the largest in the world — has made that situational awareness elusive. So the new strategy sets out to give the Navy a common operating picture in cyberspace by deploying more sensors and other network tools.
The Navy, like any large enterprise with its vastness and ever-changing boundary with mobile devices needs to continue to refine their strategy and take a Digital Risk Management approach — one that elevates the security of its information assets and resources to the same level as all other mission/operational priorities, and then decisions involving these resources should be made at the most senior levels of the Navy, U.S. Cyber Command (USCYBERCOM) – the Department of Defense’s (DoD) top level organization responsible for Cyber operations and activities — and the DoD. In her role, Admiral Tighe is an operational warfighter as the head of Navy Fleet Cyber Command, but she is also the CIO/CISO for the Navy and needs to have direct involvement with the most senior Navy and DoD leaders in decision-making regarding Navy information assets/resources that can affect operational missions.
The article goes on to say “Situational awareness is one of the strategy’s five goals. Two of the other goals emphasize cyberspace as a war-fighting domain, another calls for expanding the service’s signal intelligence capabilities, while the last goal focuses on building out the Navy’s cyber mission force. The service has stood up about half of its 40 cyber protection teams, Tighe said, adding that feeding these teams improved analytics will help them better defend Navy networks.”
While the other goals here will clearly provide the Navy, USCYBERCOM and DoD additional cyber intelligence and operational capabilities, along with those of the U.S. Army and U.S. Air Force (who both have similar cyber intelligence and operational capability teams), the Navy could enhance their overall cyber strategy by taking on a more focused Digital Risk Management approach to their cyber strategy.
A Digital Risk Management approach would provide a practical, analytical discipline for managing risk from an operational mission perspective by enabling senior leaders and cyber leaders and their security organizations the ability to collaborate on operational mission decisions. Digital Risk Management focuses on managing risk across operational mission functions and capabilities by relying on quantification of the operational mission impact of digital risk. This enables operational mission leaders to understand their operations from an operational mission perspective and for the organization as a whole to make risk mitigation decisions based on the level of operational risk.