Navy looks to build cyber resilience beyond RMF — FCW

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Navy looks to build cyber resilience beyond RMF

U.S. Navy Photo by Mass Communications Specialist 2nd Class Joshua J. Wahl

The Navy wants to fortify its cyber resilience to keep pace with rapid software development needs, but changing workforce habits has to come first.

Vice Adm. Jeffrey Trussler, the deputy chief of naval operations for information warfare and director of naval intelligence, called the risk management framework (RMF) process a “laborious” but necessary step to “get in the door” that doesn’t guarantee protection against evolving cyber threats.

“You’ve got to do this if you want to walk through the door,” Trussler said during a panel on cyber threats at Sea Air Space on Aug. 3. “Is that going to protect you? No, these are just kind of the known things you need to take care of. Very simple.”

Trussler went on to say that once vulnerabilities from software and hardware vendors are known, the challenge is implementation across ships, planes and networked systems scattered globally.

“We do all of these things, but we still don’t know. And those things get blown up when you get some intelligence that tells you, ‘Oh [an adversary is] in the system or they’re really working hard [to hack into] this system,'” he said.

That problem is complicated when mission applications are being continuously updated. Rear Adm. Susan BryerJoyner, the director of the Navy’s cybersecurity division in the Office of the Chief of Naval Operations, said that as the Navy moves to embrace DevSecOps, which aims to incorporate security throughout the software development cycle, evolving RMF as part of that shift has proved challenging.

“Modernization and cybersecurity are my top two priorities. And I say that because I’ve got to modernize my infrastructure, where I can’t modernize the infrastructure, I’ve got to figure out how I apply these new technologies because they’re important and they give me visibility that I’ve never had before,” BryerJoyner said during a NAVWAR cybersecurity breakout session Aug. 4.

“And not only do we have to…