The Navy is addressing cyber vulnerabilities found in its Consolidated Afloat Networks and Enterprise Services and detailed in a recent report, according to a Navy spokesman.
More than 400 cyber vulnerabilities across dozens of DoD programs, including CANES, were identified in an annual report by the Defense Department’s Office of the Director for Operational Test and Evaluation found . The report noted that as of November 2012, CANES had 29 category one vulnerabilities and 172 less severe vulnerabilities.
“The numbers reported were from an initial baseline assessment prior to applying system lock-downs and have no bearing on current production systems,” Steven Davis, Space and Naval Warfare Systems Command spokesman, said in a statement.
Davis said CANES has conducted three self-assessments in line with the certification and accreditation process for assessing information technology risks. That process is governed by the Department of the Navy chief information officer, 10th Fleet, Office of Naval Intelligence and the Office of the Chief of Naval Operations.
“These time-phased assessments provide systematic validation that all vulnerabilities are being properly remediated and/or mitigated,” Davis said. The Navy did not provide an update on how many of the vulnerabilities in the report have been addresses.
CANES will replace legacy networks on ships, submarines and shore sites. The Navy completed its first installation of CANES on the Arleigh Burke-class guided-missile destroyer USS McCampbell in November.
“We have integrated more than a dozen information assurance capabilities into its baseline to address not just historical vulnerabilities, as identified in the report, but current and future vulnerabilities,” Davis said of CANES.