Navy issues new cybersecurity standards as part of Pentagon plan to improve defenses

110524-N-GS507-210 PENSACOLA, Fla. (May 24, 2011) Students from the Center for Information Dominance (CID) Corry Station, Cryptologic Technician Collection Seaman Recruit Ben Lowden, of Brownsberg, Ind., Cryptologic Technician Networks Seaman Apprentice Alicia Sutliff, of Jacksonville, Fla., and Cryptologic Technician Technical Third Class Steven Tometczak, of Reno, Nev., preview the Integrated System for Language Education and Training program (ISLET), which is being tested by the CID-based Center for Language, Regional Expertise and Culture (CLREC) and the Academic Consortium for Global Education (ACGE). Conceived as an alternative to traditional computer-based training and classroom instruction, ISLET employs online social networking, interactive role-play, competitive gaming and speech recognition to create an immersive environment for collaborative learning. (U.S. Navy photo by Gary Nichols/Released)

(Cyberwar.news) The U.S. Navy has put forth new cybersecurity guidelines and standards that will touch every unit, office and contractor, Breaking Defense reported Monday.

The new standards will cover everything from business to weapons systems and machinery controls. In addition, they will also govern future information technology purchases and provide a basis for assessing where current systems fall short of providing adequate cyber protection, the defense news site noted.

But the new standards are only the beginning. Last week the Space and Naval Warfare Systems Command published eight new standards covering things like “network firewalls” and “vulnerability scanning.” However, those are only the eight most urgent standards, SPAWAR’s commander, Rear Adm. David Lewis, told the site.

When all is said and done, “we envision about 38 standards to be published by the Navy,” Lewis said, “between now and ’18. The endstate is those 38 standards” that will contain “about 970 controls, [each of them] a sentence or a paragraph that says, ‘you’ll do this.’”

The standards are to apply to the entire Navy network as a whole, not to each particular system, component or piece of hardware acquired, Breaking Defense reported.

 

 

“Depending on where a system is in the overall big Navy architecture, certain standards will be more applicable,” Lewis said. What’s more, he added, “we don’t necessarily always have to follow them.”

The standards aren’t supposed to be suffocating, but rather a way for the Navy to measure its cybersecurity needs and progress, Lewis noted.

“With each system, we look at the standards that apply to that system; we assess its performance against the controls; and now we have an objective measure,” Lewis told Breaking Defense. In highlighting areas of vulnerability, “it helps target our modernization, it helps target our future contracts.”

The Navy cyber-modernization is likely part of an overall Pentagon effort to improve cyber defenses of its IT systems. The Defense Department is working with private industry to find solutions that are effective and fit with Pentagon requirements.

Cyberwar.news reported in November that the Pentagon began sending career personnel on tours with private cybersecurity firms as well as bringing in specialists from those companies so they can learn the skills that will be necessary to defend military networks from hackers.

“There’s not a time when I’m not being attacked somewhere in the world,” Terry Halvorsen, the Defense Department’s chief information officer, said at an event in Washington that was hosted by the Christian Science Monitor. “We’re looking to industry to help us solve some specific areas.”

Image: US Navy

See also:

Breaking Defense

Cyberwar.news

Cyberwar.news is part of the USA Features Media network of sites.