Thursday, February 12, 2015

This doesn't appear to be correct - Can this really be the BIGGEST cyber challenge facing the Navy??


Vice Admiral Jan E. Tighe is reported to have said that the biggest cyber challenge facing the Navy is the protection of sensitive but unclassified (SBU) information that resides outside of its networks

From this ARTICLE.  Do we need a Task Force SBU?? Is someone aware of which organization is tasked with working to resolve the biggest cyber challenge facing the Navy?

Seems like this would be addressed in the DoD's Risk Management Framework for cyber. 

7 comments:

Anonymous said...

So you are confused Mike. Situation normal.

Anonymous said...

SBU data is certainly of concern, but wouldn't make the case for it being the "biggest" challenge facing the Navy unless of course you are making the case that by "biggest" you mean most wide spread.

Bottom line is that it isn't a cyber problem, but a business framework problem. We as a Service have become so dependant upon contractors to do our work that much of our intellectual capital exists outside of our control...not a cyber problem at heart, but it certainly manifests itself there.

And haven't ever seen a cyber risk management framework - would be an interesting document to read through though.

Anonymous said...

"Cyber is an all hands on deck evolution and everyone will have to be a cyber-expert," said Lewis referring to the changing dynamics of the future workforce. "It is fundamental to what we do on ships and for the warfighter. If it has a computer, it will be affected by cyber. The current warfighting environment has changed radically, so we are going to have to change some of our behaviors to remain cyber defendable."

Anonymous said...

Viz anon above, why? Short of MDU, the ship's weapons computers are stand alone unless engaged in CEC. The fire control systems cannot be directly attacked.

OK, that was funny. Of course they can now. Cyber warriors made them vulnerable by offering 'software updates' on deployment.

Yay cyber warriors!

SANS INSTITUTE said...

THIS MAY HELP YOUR UNDERSTANDING.

2. “The nature of the DON mission, accompanied by connectivity and data aggregation issues, has led to the determination that all unclassified information processed by DON information systems is sensitive. Therefore, all DON information systems shall be protected by the continuous employment of appropriate safeguards.”15

MORE said...

Table 2: Sensitive but Unclassified Designations in Use at Selected Federal Agencies

Designation Agencies using designation

1 Applied Technology *Department of Energy (DOE)
2 Attorney-Client Privilege Department of Commerce (Commerce), *DOE
3 Business Confidential *DOE
4 Budgetary Information Environmental Protection Agency (EPA)
5 Census Confidential Commerce
6 Confidential Information Protection and Statistical Efficiency Act Information (CIPSEA) Social Security Administration (SSA)
7 Computer Security Act Sensitive Information (CSASI) Department of Health and Human Services (HHS)
8 Confidential Department of Labor
9 Confidential Business Information (CBI) Commerce, EPA
10 Contractor Access Restricted Information (CARI) HHS
11 Copyrighted Information *DOE
12 Critical Energy Infrastructure Information (CEII) Federal Energy Regulatory Commission (FERC)
13 Critical Infrastructure Information Office of Personnel Management (OPM)
14 DEA Sensitive Department of Justice (DOJ)
15 DOD Unclassified Controlled Nuclear Information Department of Defense (DOD)
16 Draft EPA
17 Export Controlled Information *DOE
18 For Official Use Only (FOUO) Commerce, DOD, Department of Education, EPA, General Services Administration, HHS, DHS, Department of Housing and Urban Development (HUD), DOJ, Labor, OPM, SSA, and the Department of Transportation (DOT)
19 For Official Use Only‹Law Enforcement Sensitive DOD
20 Freedom of Information Act (FOIA) EPA
21 Government Confidential Commercial Information *DOE
22 High-Temperature Superconductivity Pilot Center Information *DOE
23 In Confidence *DOE
24 Intellectual Property *DOE
25 Law Enforcement Sensitive Commerce, EPA, DHS, DOJ, HHS, Labor, OPM
26 Law Enforcement Sensitive/Sensitive DOJ
27 Limited Distribution Information DOD
28 Limited Official Use (LOU) DHS, DOJ, Department of Treasury
29 Medical records EPA
30 Non-Public Information FERC
31 Not Available National Technical Information Service Commerce
32 Official Use Only (OUO) DOE, SSA, Treasury
33 Operations Security Protected Information (OSPI) HHS
34 Patent Sensitive Information *DOE
35 Predecisional Draft *DOE
36 Privacy Act Information *DOE, EPA
37 Privacy Act Protected Information (PAPI) HHS
38 Proprietary Information *DOE, DOJ
39 Protected Battery Information *DOE
40 Protected Critical Infrastructure Information (PCII) DHS
41 Safeguards Information Nuclear Regulatory Commission (NRC)
42 Select Agent Sensitive Information (SASI) HHS
43 Sensitive But Unclassified (SBU) Commerce, HHS, NASA, National Science Foundation (NSF), Department of State, U.S. Agency for International Development (USAID)
44 Sensitive Drinking Water Related Information (SDWRI) EPA
45 Sensitive Information DOD, U.S. Postal Service (USPS)
46 Sensitive Instruction SSA
47 Sensitive Internal Use *DOE
48 Sensitive Unclassified Non-Safeguards Information NRC
49 Sensitive Nuclear Technology *DOE
50 Sensitive Security Information (SSI) DHS, DOT, U.S. Department of Agriculture (USDA)
51 Sensitive Water Vulnerability Assessment Information EPA
52 Small Business Innovative Research Information *DOE
53 Technical Information DOD
54 Trade Sensitive Information Commerce
55 Unclassified Controlled Nuclear Information (UCNI) DOE
56 Unclassified National Security-Related *DOE

HMS Defiant said...

Chelsea Manning has your number and stole your data.