Before an audience of mostly defense contractors, Rear Adm. Dave Lewis, commander of Space and Naval Warfare Systems Command (SPAWAR) unveiled for the first time publicly the draft 2017 SPAWAR strategic plan.
"What you'll see is we've drilled down one more level," he said at the C5ISR Summit in Charleston, South Carolina on Dec. 7. "If you go back to '15, our first strategic plan was high level and lacked specifics. '16 started to get in to the particulars. '17, now we've clearly identified our weak areas and we're drilling down to very specific areas."
The draft includes five "end states," along with strategic objectives, that the force is looking to drive toward:
- Accelerate and streamline delivery: Increase commonality in the deployed C4I configurations; increase quality of installations and decrease installation timeline cost.
- Enable modern IT service delivery: Transform and modernize IT infrastructure; deliver mobile capability to the workforce.
- Own cyber technical leadership: Protect, improve, cyber hygiene, develop standards and target architecture; respond to cyber incidents/recover to ensure capability restoration.
- Reduce the cost of operations: Optimize information for effective decision making; optimize lab infrastructure at SPAWAR.
- Optimize our organization and workforce: Manage workforce talent.
Lewis also drilled down on cybersecurity, a major priority for the Department of Defense and specifically the Navy, especially following a high-profile break of networks by the Iranians in 2013 that led to initiatives aimed at identifying and mitigating vulnerabilities.
However, these high-profile and breaking news breaches are not what primarily worry Lewis. Instead, he said the threats he worries about is the "guy in your basement; you don’t know he’s there." This metaphorical person in the basement is there for four or five years acting as a silent, yet persistent threat.
"That’s our threat. They don’t want you to know they’re there," and they want to know everything that’s going on, Lewis said.
Lewis discussed other aspects of the Navy’s cybersecurity approach, which recently has focused more on resiliency than pure protection.
"We focus very heavily on the ‘protect’ piece of it. We tend to be a little less robust in the other areas," he said of SPAWAR’s cybersecurity focus referencing other aspects of cybersecurity that include identifying, protecting, detecting, responding and recovering against threats. "So one thing I’m emphasizing ... are those other areas. What’s normal in your network?
"We will never patch and scan our way out of cyber vulnerabilities. It cannot happen. If you’re patching and scanning and think you’re in a good place, you’re wrong," he said. "The only solution from my view … is to properly engineer the systems in the first place."
Lewis also provided details regarding SPAWAR’s role and responsibilities within auditing and hardening weapons systems from a cybersecurity perspective. DoD announced recentlythat it will repurpose funds to audit all weapons systems across all services.
Lewis said they are focused on boundary defense capability, explaining that according to architecture standards from the National Institute of Standards and Technology, ships should be broken up into enclaves such as a systems enclave and a C4I enclave, for example.
"Then there needs to be boundary defense capabilities between those enclaves so that if one of them goes south, it doesn’t take down the other ones," he said referencing the "identify, react, correct" mantra.
The service is also working toward a common design across ships and across enclaves, he said.