An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

News from around the Fleet

U.S. Fleet Cyber Command Executes Operation Cyber Dragon

18 May 2022

From Lt. Darius Radzius, U.S. Fleet Cyber Command / U.S. 10th Fleet

FORT GEORGE G. MEADE, Md. – The U.S. Navy’s unclassified computer networks are better protected from outside threats. U.S. Fleet Cyber Command just completed the first phase of operation Cyber Dragon where nearly 30 active and reserve Sailors resolved thousands of vulnerabilities.

Chief Warrant Officer Scott Bryson works in Defensive Cyberspace Operations and Department of Defense Information Network Operations. He said his team initially made the discovery of the problems with the network, “We identified that [the Navy] had over 14,500 known issues across the DoD network.”

He also recognized the urgency to resolve these issues “We’re always going to be vulnerable to anybody that has any malicious acts and that can be anyone with a keyboard. The longer the vulnerabilities remain, the more susceptible we are to attack. You’ve got to shore up what we’re vulnerable against and we have to take actions to make sure that we’re secure. That’s what this is all about,” Bryson said.

The U.S. Navy relies on a number of computer applications provided by commercial providers including commonly used Microsoft programs such as Outlook, Power Point, and Word. Sandy Radesky, deputy chief information officer at Fleet Cyber Command, said “The partnerships the Navy has with various commercial providers that support Navy missions puts us in this gray space that we have to constantly synchronize with our providers and [we need to] understand of who's doing what to protect our attack surface.” This is why Radesky authorized the execution of the Operation.

Bryson sought Navy reservists from within and outside the command and he said they didn’t necessarily need computer experience. “If you’re trainable, I can show you what to do and then I’ll set you free,” Bryson said.

Petty Officer 2nd Class David Lucas, a Yeoman who does administrative work from Wichita, Kansas, was one of about two dozen who volunteered for this mission. “This was different than anything I’ve ever used before, but it was very intuitive. Once they explained to me what the words all meant, and which ones I was supposed to work on… once I got the basics down, it was much easier,” Lucas said. He also credited his teammates and leadership for always being available to help.

In March, Bryson’s team quickly and aggressively resolved thousands of vulnerabilities in the network. “I will say [it was] a huge success. We were able to… get 23% remediation actions out of the original 14,500 discrepancies,” Bryson said. He says the intricacies of the various Navy networks makes resolving each vulnerability complex. At the end of the first phase, Bryson said they had to evaluate the effectiveness of each resolution and assess the impact they had on the system, positive and negative.

Radesky said the diverse skillsets of the Navy reservists were invaluable, “[We] were able to leverage those skills across multiple teammates within the reservists that came in to be able to create this repeatable process. And they did it so quickly. I mean, we did this in about 30 days, and with 22 reservists.”

Rear Adm. Stephen Donald, vice commander, U.S. Fleet Cyber Command and U.S. 10th Fleet said, “This operation demonstrated the strength, responsiveness, and expertise our Navy Reservists offer. Fleet Cyber Command was able to mobilize a team of reservist quickly to execute an urgent mission. With warfighting readiness as our primary mission, this was a clear example the value reservists provide to the defense of the United States.”

Bryson says this operation is especially important in a time of increased conflict worldwide. Cybersecurity and Infrastructure Security Agency (CISA) says cyber threats have increased. Bryson says the cyber attacks can be launched from anywhere and by anyone whether it’s a coordinated by another country, a rogue actor, or someone with curiosity, testing out his or her computer skills.

“Network cyber hygiene is very paramount. If we didn’t do this, then we just have additional vulnerabilities and if you have too many vulnerabilities, someone’s going to exploit them and potentially in a bad way,” Bryson said.

After evaluating the success of the operation, Bryson says he’s now preparing to execute the second phase of the operation this summer with the goal of tackling an additional 50 percent of the vulnerabilities.

“So now that the foundational piece has been done for the most forward facing, and most critical vulnerabilities, this next phase is going to go faster, and will be easier because we’ve already established the lanes in the road,” Radesky said. She says this will now be a regular effort where the active duty personnel will work with reservists to continuously identify and resolve vulnerabilities in Navy networks.

Searching for vulnerabilities in the network will continue after the conclusion of Operation Cyber Dragon said Bryson, “Our attack surface is always going to change across anybody’s network. Whether it’s a commercial business, military or government, your attack surface varies all the time from malicious hackers that are trying to

poke and prod you. We’re always going to have vulnerabilities. We know that, but it’s how we handle the vulnerabilities that we know that are out there and how we address them.”

However, he says continuation of operation Cyber Dragon will better maintain the fortification and resiliency of the Navy’s networks to stand against attacks from our adversaries.

 

Google Translation Disclaimer

  • Google Translate, a third party service provided by Google, performs all translations directly and dynamically.
  • Commander, U.S. Navy Region Korea, cnrk.cnic.navy.mil has no control over the features, functions, or performance of the Google Translate service.
  • The automated translations should not be considered exact and should be used only as an approximation of the original English language content.
  • This service is meant solely for the assistance of limited English-speaking users of the website.
  • Commander, U.S. Navy Region Korea, cnrk.cnic.navy.mil does not warrant the accuracy, reliability, or timeliness of any information translated.
  • Some items cannot be translated, including but not limited to image buttons, drop down menus, graphics, photos, or portable document formats (pdfs).
  • Commander, U.S. Navy Region Korea, cnrk.cnic.navy.mil does not directly endorse Google Translate or imply that it is the only language translation solution available to users.
  • All site visitors may choose to use similar tools for their translation needs. Any individuals or parties that use Commander, U.S. Navy Region Korea, cnrk.cnic.navy.mil content in translated form, whether by Google Translate or by any other translation services, do so at their own risk.
  • IE users: Please note that Google Translate may not render correctly when using Internet Explorer. Users are advised to use MS Edge, Safari, Chrome, or Firefox browser to take full advantage of the Google Translate feature.
  • The official text of content on this site is the English version found on this website. If any questions arise related to the accuracy of the information contained in translated text, refer to the English version on this website, it is the official version.

Commander, U.S. Navy Region Korea   |   PSC 478 Box 1   |   FPO AP, 96212-0001
Official U.S. Navy Website