Advertisement

You will be redirected to the page you want to view in  seconds.

SECNAV launches plan to battle 'insider threats'

Cybersecurity effort likely means more training

Sep. 7, 2013 - 06:00AM   |  
  • Filed Under

The Navy has a new plan to confront “insider threats” in the Navy and Marine Corps, and it will involve more scrutiny, better training and a team of top leaders to oversee its implementation.

Navy Secretary Ray Mabus issued an instruction in August that creates the Department of the Navy Insider Threat Program. The goal is to prevent cases like the data leaks by Army Pfc. Bradley Manning and former National Security Agency contractor Edward Snowden, and violence like Army Maj. Nidal Hasan’s shooting rampage at Fort Hood, Texas.

“With this instruction, Secretary Mabus has given the Department of the Navy its marching orders,” said Vice Adm. Michael Rogers, head of Fleet Cyber Command. “We need to do all we can to be aware of the threat, and take those actions necessary to reduce that threat.”

As head of the Navy’s cybersecurity arm, Rogers’ team of cyber warriors plays a critical role in fighting insider threats. But Rogers insists the threat is an “all hands” issue.

“All who serve within the Navy — active, reserve, officer, enlisted, civilian employees and contract support personnel — are put at risk by this threat, and all can help diminish that threat,” said Rogers, who responded to Navy Times’ questions via email.

The Navy’s program follows President Obama’s orders in November for executive agencies to develop standards to protect classified information and prevent acts of violence.

Mabus’ instruction defines an insider threat as a “person with authorized access, who uses that access wittingly or unwittingly, to harm national security interests or national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions resulting in loss or degradation of resources or capabilities.”

Rogers stressed that an ignorant sailor who fails to adhere to proper procedures can be just as dangerous as someone who knowingly leaks classified information.

“For example, a sailor or officer on a ship who plugs his or her cell phone or music device into the [Secure Internet Protocol Router] machine to charge it or uses another prohibited item in a USB port to transfer data can unintentionally do great harm by introducing viruses or malicious code onto a computer system,” Rogers said. “Such actions put sensitive information, our mission, and lives at risk by exposing the Navy’s network to vulnerabilities that could allow the adversary access.”

SECNAV's plan

Insider threats are not a new issue for the services, and the Navy and Marine Corps teach service members about the risks: using thumb drives, for example, or posting ship locations on Facebook. The services are also working on network upgrades, or as Rogers refers to them, “hardening measures.”

“The Insider Threat program will help bring some focus to those separate efforts, and put it all in terms that we in the military understand: Here’s the threat, and here’s what we must do to combat that threat,” Rogers said.

Mabus’ instruction includes orders to:

■ Ensure training and awareness programs are put in place and updated as necessary.

■ Improve the services’ ability to monitor activity on internal systems.

■ Better use anti-terrorism/force protection, counterintelligence, law enforcement and human resources to ID and mitigate insider threats.

Over the next couple of months, the Navy will create an executive board to oversee implementation of the program, chaired by the fleet’s deputy undersecretary for plans, policy, oversight and integration. It will include three-star reps for the chief of naval operations and Marine Corps commandant.

It will be up to the commandant and CNO to track, review and catalog potential insider threats. These will be presented in an annual report to the SECNAV.

It remains to be seen what additional training and policies sailors will receive under the new program, but it will undoubtedly mean some changes.

Standardized policies will also make it easier to hold leadership responsible, Rogers said.

“This baseline will ... allow commanders to realize that they are responsible for enforcing cyber­security measures and will be held accountable for breeches and security violations,” he said. “In the long run, this insider threat effort is as much about changing the Navy’s culture with respect to cybersecurity in war fighting ... as it is about deterring the insider threat. The efforts go hand in hand.”

Answers by RallyPoint

Join trending discussions in the military's #1 professional community. See what members like yourself have to say from across the DoD.

More In News

Start your day with a roundup of top defense news.

VA Home Loan
Rates

Search By:

Product Options:
Zip Code:

News for your in-box

Sign up now for free Military Times E-Reports. Choose from Money and Education. Subscribers: log in for premium e-newsletters.


This Week's Army Times

This Week's Army Times

CrossFit vs. unit PT
Troops will do the training plans in a $2.5 million study

Subscribe for Print or Digital delivery today!

Classifieds
MilitaryTimes Green Trusted Classifieds Looking to buy, sell and connect on Military Times?
Browse expanded listings across hundreds of military installations.
Faces of valorHonoring those who fought and died in Operations Iraqi Freedom and Enduring Freedom.
hall of valorThe Hall of Valor is a searchable database of valor award citations collected by Doug Sterner, a Vietnam veteran and Military Times contributing editor, and by Military Times staff.
Woman who cried rape
(3 replies)
   Last Post: TJMAC77SP
        May 3, 2014 1:32 PM
   Last Post: garhkal
        May 1, 2014 5:03 PM
Cliven Bundy
(45 replies)
   Last Post: Chief_KO
        Apr 26, 2014 9:49 AM
Handbooks

All you need to know about your military benefits.

Benefits handbook

Guard & Reserve All you need to know about the Guard & Reserve.

guard and reserve handbook