The Navy wants commanders to use a 2017 law as a way to take more responsibility for cybersecurity under their purview as a way to help save millions of dollars in time and money.
Language in the annual defense policy bill for fiscal year 2017 indirectly allows for a more rapid deployment of cybersecurity systems, according to an Oct. 3 Navy release. The move is consistent with Navy acquisition chief James Geurts’ approach to pushing acquisition and procurement authorities down to the lowest levels possible as a way to make the service more agile and flexible.
“This new authority pushes responsibility and accountability to the commanding officer level,” said Capt. Jon Moretty, commanding officer at Naval Undersea Warfare Center Division, Keyport. “This increases the level of knowledge of the Risk Management Framework process, improves the cybersecurity of the networks since they can achieve required standards and continuous monitoring in a more timely manner and removes organizational roadblocks which stifle innovation and action.”
Previously, leaders at the Naval Seas Systems Command held the acquisition authority. Moretty added that the new flexibility allows his division to increase its institutional knowledge of cybersecurity and make risk decisions for systems at this level.
“Before this authority was granted, it would take up to 24 months for the Warfare Centers to navigate through the Risk Management Framework for Authority to Operate,” he said. “By empowering the work force, that time will be significantly reduced while increasing network cyber resiliency and safety. The time savings result in cost savings in the millions of dollars when spread across the NAVSEA Science and Technology enterprise.”