The US Navy has released details of Task Force Cyber Awakening (TFCA) a new security initiative designed to bolster its defenses and improve resilience to future attacks.
Led by the deputy chief of naval operations for information dominance, TFCA is a broad-ranging effort designed to give commanders better visibility into cyber-security across the navy and “address the fragmented and uneven efforts across our platforms and systems.”
It added in a notice:
“Recent real world events and attacks on our Navy systems make clear that the cyber threat is increasing. Our current approach, which prioritizes modernization over sustainment, leaves us vulnerable. Our increasing reliance on connected capabilities (ie, beyond traditional IT networks to our warfighting control systems) has significantly increased the potential consequences of a cyber event…
TFCA is tasked to deliver fundamental change to Navy’s organization, resourcing, acquisition and readiness by extending our cybersecurity apparatus beyond traditional IT to our combat systems, combat support and other information systems while aligning and strengthening authority and accountability.”
The initiative will apparently draw on the experience of Operation Rolling Tide, an effort formed by US Cyber Command commander, Admiral Michael Rogers, in response to an Iranian attack on Navy computers reported last year.
TFCA has been split into four task groups which will focus on: assessing current capabilities and prioritizing investment; quality assurance for components and processes; evaluation of current “authorities, methods and resources”; and technical support from senior engineers.
One major item on the agenda will be to move vital systems such as CANES – Consolidated Afloat Networks and Enterprise Services – off Windows XP.
“There’s a discussion and probably a press to do XP massive upgrades now,” Task Force Cyber Awakening lead Matthew Swartz told reporters on Friday.
“For the Navy, it’s very difficult to do massive operating system upgrades - that’s bigger than just doing a software upgrade. It requires doing some infrastructure changes as well.”
Charles Sweeney, CEO of web security firm Bloxx, gave the new initiative a cautious welcome.
"Whilst it is good to see the Navy preparing for the connected future, which will certainly impact its operations, it is also worrying that unsupported OSes are still in operation on battleships,” he told Infosecurity.
“The security threats associated with these are well documented and whilst the Navy operates a highly complex IT environment. I would think that the vulnerabilities outdated software and hardware introduce would call for more proactive planning."