Cyber operations

Navy Plans to Establish at Least 200 Cyber-Specific Roles

The U.S. Navy is planning to create cyber-specific roles in response to a fiscal 2023 National Defense Authorization Act provision requiring the service to establish new positions focused on cyber operations.

Speaking at WEST 2023, a conference co-hosted by AFCEA International and the U.S. Naval Institute, Vice Adm. Kelly Aeschbach, commander of Naval Information Forces, said she expects to receive the first proposal this week for the creation of at least 200 new positions, DefenseScoop reported.

Currently, the Navy’s cyber personnel are resourced from its cryptologic warfare community responsible for signals intelligence, electronic warfare and information operations. The Navy also relies on signals intelligence personnel working for the National Security Agency and remains the only service without a dedicated military role for cyber.

Besides establishing cyber-specific roles, the Navy, along with the Marine Corps, is replacing the existing three-year Authority to Operate compliance certification cycle to boost its cybersecurity posture under the Cyber Ready initiative. Under the current cyber compliance certification process, a system is assessed for months before it secures an ATO and be used as part of military operations.

Department of the Navy CIO Aaron Weis, who was also present at WEST 2023, said having an ATO does not mean software is always secure, noting the evolving capabilities of adversaries to compromise systems.

In 2022, the Department of Defense issued a memo calling on cyber defense leaders to shift to a continuous ATO model, under which systems will be evaluated on a rolling basis instead of every three years to detect cyber vulnerabilities immediately.

According to Weis, a four-time Wash100 awardee, maintaining the existing ATO system costs $1.1 billion annually but it does not contribute much to improving cybersecurity.