Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mobile Device Management
- The Modern Federal Threat Landscape
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- Satellite Communications: Acquiring SATCOM in Tight Times
- Transformative Technology: Desktop Virtualization in Government
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Navy conducts first shipboard cyber inspection
Monday - 8/15/2011, 7:47pm EDT
Federal News Radio
In the Navy, conducting scheduled inspections to evaluate a command's cybersecurity posture is new. Conducting them aboard a 1,100 foot aircraft carrier while it's at sea is even newer.
In late July, the U.S.S. Abraham Lincoln, a Nimitz-class carrier, became the first ship in the Navy fleet to undergo a command cyber readiness inspection while underway. The carrier passed with a score 11 percent higher than the Navy had previously seen in shore-based inspections, officials said.
"We have a crew of roughly 2,700 ship's company. Our information assurance division had to do a lot of work preparing," said Chief Petty Officer Eric Wishard in a phone interview with Federal News Radio from the Lincoln. "Our various networks and systems are all owned by different agencies throughout the government, and it was a big thing to make sure they were all up to the DoD standards."
Wishard said the biggest challenge turned out to be making sure his crew kept all the computing equipment aboard the Lincoln up to date with security patches, given the lack of an always-on connection to DoD's Global Information Grid.
"When you're underway, you have a whole different element of communications to be looking at," he said." We get our IP connectivity over satellite links. You just don't have a constant connection, and everything changes when you're afloat. The big thing is staying up to date with vulnerability patches to make sure all 1,000 workstations fully patched and come up with ways to make sure they're all online when the patches come out. The limited bandwidth makes it very difficult to receive them."
The Naval Network Warfare Command (NETWARCOM) in Norfolk, Va., led the inspections with oversight by the Defense Information Systems Agency.
In June, Rear Adm. Ned Deeds, NETWARCOM's then-commander, announced the Navy planned to begin routine "stem-to-stern" cyber inspections on 900 command units across the service.
"We've never had a [cyber] inspection force. We do now—nascent, but growing," Deeds said at the time. Wishard said preparation for the Lincoln's inspection involved the entire crew—not just its IT professionals.
"This is a very intense inspection," he said. "It reaches down to every crew member's life, because it involves physical security and challenging people when you see them and you don't know who they are. It involves personnel security, making sure people maintain their clearances and that they're doing what they're supposed to be doing within their spaces."
(Copyright 2011 by Federal News Radio. All Rights Reserved.)