Shows & Panels
- Accelerate and Streamline for Better Customer Service
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Client Virtualization Solutions
- Data Protection in a Virtual World
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Feds in the Cloud
- Health IT: A Policy Change Agent
- Improving Healthcare Outcomes through IT Policy
- IT Innovation in the New Era of Government
- Making Dollars And Sense Out of Data Center Consolidation
- Navigating the Private Cloud
- One Step to the Cloud, Two Steps Toward Innovation
- Path to FDCCI Compliance
- Take Command of Your Mobility Initiative
Shows & Panels
Navy conducts first shipboard cyber inspection
Monday - 8/15/2011, 7:47pm EDT
Federal News Radio
In the Navy, conducting scheduled inspections to evaluate a command's cybersecurity posture is new. Conducting them aboard a 1,100 foot aircraft carrier while it's at sea is even newer.
In late July, the U.S.S. Abraham Lincoln, a Nimitz-class carrier, became the first ship in the Navy fleet to undergo a command cyber readiness inspection while underway. The carrier passed with a score 11 percent higher than the Navy had previously seen in shore-based inspections, officials said.
"We have a crew of roughly 2,700 ship's company. Our information assurance division had to do a lot of work preparing," said Chief Petty Officer Eric Wishard in a phone interview with Federal News Radio from the Lincoln. "Our various networks and systems are all owned by different agencies throughout the government, and it was a big thing to make sure they were all up to the DoD standards."
Wishard said the biggest challenge turned out to be making sure his crew kept all the computing equipment aboard the Lincoln up to date with security patches, given the lack of an always-on connection to DoD's Global Information Grid.
"When you're underway, you have a whole different element of communications to be looking at," he said." We get our IP connectivity over satellite links. You just don't have a constant connection, and everything changes when you're afloat. The big thing is staying up to date with vulnerability patches to make sure all 1,000 workstations fully patched and come up with ways to make sure they're all online when the patches come out. The limited bandwidth makes it very difficult to receive them."
The Naval Network Warfare Command (NETWARCOM) in Norfolk, Va., led the inspections with oversight by the Defense Information Systems Agency.
In June, Rear Adm. Ned Deeds, NETWARCOM's then-commander, announced the Navy planned to begin routine "stem-to-stern" cyber inspections on 900 command units across the service.
"We've never had a [cyber] inspection force. We do now—nascent, but growing," Deeds said at the time. Wishard said preparation for the Lincoln's inspection involved the entire crew—not just its IT professionals.
"This is a very intense inspection," he said. "It reaches down to every crew member's life, because it involves physical security and challenging people when you see them and you don't know who they are. It involves personnel security, making sure people maintain their clearances and that they're doing what they're supposed to be doing within their spaces."
(Copyright 2011 by Federal News Radio. All Rights Reserved.)