US Navy Looking Beyond RMF to Build Cyber Resilience

The U.S. Navy wants to build up its resilience against emerging cyber threats, but before applying technological solutions, the service must first change its workforces’ habits, a ranking officer close to the matter said. Vice Adm. Jeffrey Trussler, the deputy chief of naval operations for information warfare and director of naval intelligence, called the risk management framework a laborious but necessary process that does not always guarantee results, FCW reported Friday.

Speaking at the recent Sea Air Space event, Trussler said that once vulnerabilities from software and hardware vendors are known, the challenge is implementation across ships, planes and networked systems scattered globally. He added that there is no foolproof solution to cybersecurity but there are basic steps that must be taken as a matter of procedure.

Meanwhile, Rear Adm. Susan BryerJoyner, the cybersecurity director in the Office of the Chief of Naval Operations, said managing cyber threats is made more complicated when mission applications are being continuously updated. She explained that that evolving the RMF has become the challenging part of efforts to embrace DevSecOps, which aims to incorporate security throughout the software development cycle.

BryerJoyner said that not only does the Navy need to modernize its infrastructure, it has to modernize its approach in cybersecurity. She lamented that the standard RMF process cannot keep up with the requisite speed and agility.

BryerJoyner further said that a working group has been formed to look into technologies that can help with continuous monitoring, to find out whether a system is working well or if it has a potentially exploitable critical vulnerability. Utlimately, people who are actually in the process must be encouraged to interpret the guidance in a way that makes sense for the environment, she said.