(Cyberwar.news) The U.S. Navy has put forth new cybersecurity guidelines and standards that will touch every unit, office and contractor, Breaking Defense reported Monday.
The new standards will cover everything from business to weapons systems and machinery controls. In addition, they will also govern future information technology purchases and provide a basis for assessing where current systems fall short of providing adequate cyber protection, the defense news site noted.
But the new standards are only the beginning. Last week the Space and Naval Warfare Systems Command published eight new standards covering things like “network firewalls” and “vulnerability scanning.” However, those are only the eight most urgent standards, SPAWAR’s commander, Rear Adm. David Lewis, told the site.
When all is said and done, “we envision about 38 standards to be published by the Navy,” Lewis said, “between now and ’18. The endstate is those 38 standards” that will contain “about 970 controls, [each of them] a sentence or a paragraph that says, ‘you’ll do this.’”
The standards are to apply to the entire Navy network as a whole, not to each particular system, component or piece of hardware acquired, Breaking Defense reported.
“Depending on where a system is in the overall big Navy architecture, certain standards will be more applicable,” Lewis said. What’s more, he added, “we don’t necessarily always have to follow them.”
The standards aren’t supposed to be suffocating, but rather a way for the Navy to measure its cybersecurity needs and progress, Lewis noted.
“With each system, we look at the standards that apply to that system; we assess its performance against the controls; and now we have an objective measure,” Lewis told Breaking Defense. In highlighting areas of vulnerability, “it helps target our modernization, it helps target our future contracts.”
The Navy cyber-modernization is likely part of an overall Pentagon effort to improve cyber defenses of its IT systems. The Defense Department is working with private industry to find solutions that are effective and fit with Pentagon requirements.
Cyberwar.news reported in November that the Pentagon began sending career personnel on tours with private cybersecurity firms as well as bringing in specialists from those companies so they can learn the skills that will be necessary to defend military networks from hackers.
“There’s not a time when I’m not being attacked somewhere in the world,” Terry Halvorsen, the Defense Department’s chief information officer, said at an event in Washington that was hosted by the Christian Science Monitor. “We’re looking to industry to help us solve some specific areas.”
Image: US Navy
See also:
Cyberwar.news is part of the USA Features Media network of sites.