challenge because we have limited hardware, limited
space [and] limited opportunities to do upgrades.”
“One of our biggest challenges is, obviously, 80 to
90 percent of the dollars in this command [NAVAIR]
go to sustaining and supporting and modifying legacy
systems,” Young said. “The information technology
in those systems can date back 20-30 years and
have some of the biggest vulnerabilities, yet the least
amount of resources to address those vulnerabilities.
“A big part of what we’re doing to increase this
awareness in the workforce then plays into intelligent decisions about how to use those resources in the
best way possible, how to mitigate the risks while not
spending so much that, in effect, the adversary succeeds just by spending us to death. On newer systems
going forward, we have a big advantage because we
can build in some of the best technologies and protections, and much more complex and sophisticated
solutions,” he said.
Regarding new platforms being architected, “as we
find potential areas of risk, as we look at the attack
surface on our programs and systems, having a smart
workforce allows us to tell what those mitigations
are, where we need to develop technology solutions to
address that for our fleet,” Crowley said.
The Navy wants its platforms and command structure to be completely networked, able to make quick
decisions and act decisively. So, disconnecting from a
network to prevent cyber intrusion presents a tactical
“Disconnect prevents you from sharing that data
where it needs to go,” Williford said. “It prevents you
from utilizing the capability the way it was intended
and designed. We found out that there are other
impacts to other systems by doing that.
“You’ve got to understand how those ships are put
together. We are always modifying those and putting
new capabilities in,” he said. “If there were a vulnerability
to this system, what would be the right pieces
to disconnect so that you could continue operating in
your current environment?”
Networks are “very advantageous,” Young said.
“[But] they are also a huge attack surface that gives the
adversary a lot of avenues, a lot of attack vectors.”
Turning systems on and off at the right times can
maintain combat effectiveness while reducing cyber
vulnerability, Young said.
“Everything doesn’t have to be connected all the
time,” he said. “Simply by only turning it on when
it needs to be turned on, we dramatically reduce that
attack surface because attack surface is tied to time
and the persistence that is available to an adversary.
It’s much like a motion sensor on a light switch that
says, ‘Well, I’ll give you light when you’re in the room,
but when you’re not in the room or you’re not using
this system, let’s make sure we keep it off.’ We save
energy and, in the same way, for cyber, we reduce the
attack surface. That is a major protection — unplugging
at the right times and the right ways without
hurting our warfighting effectiveness.”
“A key point of that is in understanding the
mission capabilities when we disconnect certain
systems,” Crowley said. “Are we going to be able
to execute the mission in some limited state where
you may not have full access to the normal network
Updates to the cyber security of shipboard systems
must be tested thoroughly on a land-based test site.
“We don’t want to do anything shipboard that is
going to decertify the ship from both a mission assurance and a safety standpoint,” Williford said.
For example, the use of host-based security systems — like the antivirus software running in the
background on a personal computer — is not always
suitable for shipboard systems because they can slow
down a system’s operating speed when they are scanning or updating a patch to their software. Countering
an incoming supersonic missile “is not a good time to
slow down your capability,” Williford said.
“You want to put the right capability in there, but
you want to have the IT workforce and the engineering
workforce working together for that solution. That is
why we believe that putting it in the system engineering process is the right way to do it,” he said.
“We’re using a concept we call systems engineering
transformation, where we’re modeling these systems
better than we ever have before at high levels of fidelity,”
Young said. “We then play out that game in a
harmless environment where we see the effects of having
something on or off or having it in a degraded mode.
That helps us judge the value of whether we want to pay
a lot of money for a capability or for a protection of that
capability versus [being] willing to risk that one because
we have a backup plan. The systems engineering transformation
plays very closely with electronic warfare,
which plays very closely with cyber protection and secu-
“We’re changing our mindset and looking at the
technologies in thinking that we can put an inexpensive
capability out there that will suffice and do the job
just as well,” Williford said. “The challenge that we
always have, if we come up with a capability, now how
do we integrate it? Integration becomes another challenge
that we’re going to have to work out.”