Naval Information Warfare Systems Command plans to deploy technology that will certify a ship’s compliance with cybersecurity requirements to 180 vessels by fiscal 2022.
The cyber baseline system — deployed by FRD 300, which is short for the Cybersecurity Office of the command’s Fleet Readiness Directorate — is a web-based application. It allows the directorate to ensure a ship’s systems comply with cybersecurity requirements set by the departments of Defense and the Navy prior to departure, according to a June 29 news release from NAVWAR.
A baseline “offers a searchable, easy-to-use, platform-specific record of all Navy networks, including hosted and connected, afloat and ashore systems, enabling the ability to independently manage and maintain a ship’s information technology capabilities,” the release said.
Cyber baselines have been deployed aboard 40 ships in fiscal 2019, the release said. The program, which started in January 2018, has implemented cyber baselines on 80 Navy ships as of June 2020, according to the release.
“Delivering cyber baselines allows us to identify capability risks during a ship’s availability or scheduled modernization, assuring a cyber-ready platform prior to departure,” FRD 300 Director Duane Phillips said. “We are using an end-to-end approach, ensuring that all hosted and connected systems, including the Consolidated Afloat Networks and Enterprise Services (CANES) and Integrated Shipboard Network System (ISNS), comply with DoD and DoN requirements and are approved to meet cyber security technical authority standards.”
The tool is delivered and installed in coordination with NAVWAR Headquarters, Naval Information Warfare Center Pacific and Naval Information Warfare Center Atlantic.
According to the release, FRD 300 supports 10 to 15 platforms at any given time. It is currently working on ships in Bahrain, Japan, California, Washington “and more,” the release said. Because of the coronavirus pandemic, FRD 300 is providing both distance and in-person training on the system.
“Despite today’s current circumstances, our Navy and our nation are continuing to experience an unprecedented degree of competition in the maritime environment,” FRD 300 Executive Director Mike Spencer said. “As the technical leader for Navy cybersecurity we must continue to drive implementation of cyber standards, creating a secure, defensible information domain. By delivering, installing and managing cyber baselines, we are able to provide a validated end-to-end cyber compliant network improving cyber readiness across the fleet.”
NAVWAR is also working with NIWC Pacific and Program Executive Office Command, Control, Communications, Computers and Intelligence and Space Systems to create a C4I certification by the end of fiscal 2021 that assess a system’s cyber readiness. According to the release, the certification process will confirm “all warfighter tools and capabilities are cyber secure through consistent and pervasive implementation of cybersecurity specifications and standards.”
The efforts come as the Navy continues to work to improve its cybersecurity after an assessment last year found the service lacked effective cyber hygiene and recommended that it restructure its cybersecurity governance.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.