Tuesday, June 14, 2011
Navy Begins Routine Cybersecurity Inspections of 900 commands - on 36 month cycle
According to Naval Network Warfare Command's retiring commander, RADM Ned Deets, the Navy is preparing for "stem to stern" inspections in cybersecurity. This will involve a regime of inspections focused specifically on IT security.
"We've never had an inspection force (for cybersecurity). We do now—nascent, but growing. We've built an inspection plan that will eventually inspect, on a three year cycle, 900 command units across the Navy. It looks a lot like a lot of the other inspection programs we have across the Navy, like INSURV and things of that nature", RADM Deets said.
Each year every one of the 900 commands should expect to be subjected to some sort of cybersecurity inspection.
"We'll do an administrative inspection to take a look at your program first (year). Second (year) will be unit-level training and advice and assistance to ensure that you're ready to operate in your unit, and third (year) will be a stem-to-stern inspection of everything associated with your networks and long-haul communications, physical security included. In the Navy, we expect what we inspect, and we have never inspected in this area before," RADM Deets continued.
"The network security posture is still not on a lot of commanders' daily reports, and it really needs to be," Admiral Greenert said. "The workforce awareness is pretty low on information assurance. We still need to go in and slap people's hands, because they want to plug things like thumb drive into our computers or they want to charge their iPads. We're not really complying yet with the existing security directives, and up to nine out of ten of the exploits that we've had have been known vulnerabilities. They could have been cut off."
RADM Deets said the Navy lacks the ability to oversee and defend its networks to the degree it would like to, in part, because there are so many of them.
You can listen HERE. It's a good interview.