“We must change our cybersecurity approach to better compete in today’s contested cyberspace,” said Rear Adm. Tracy Hines, Director of the Navy’s Enterprise Networks and Cybersecurity Division. “Cybersecurity cannot be an afterthought. Our adversaries are constantly leveraging the cyber domain to erode our country’s advantages, and for that reason, cyber must be a part of the acquisition process from the beginning.”
In August 2022, Secretary of the Navy Carlos Del Toro released a strategic intent memo providing guidance for transforming the Department of the Navy’s approach to cybersecurity. In this memo, Secretary Del Toro directed the department to pivot from a compliance-based mindset to a more dynamic model rooted in the philosophy of readiness. And consequently, “Cyber Ready” came to be.
Cyber Ready is a continuous state of cybersecurity awareness, where the Authority to Operate (ATO) on the Navy’s network is earned and managed every day. A Cyber Ready posture ensures secure delivery of information into the right hands at the right time and allows programs with network applications to continuously evaluate their security for threats and vulnerabilities.
“Cyber Ready is the perfect example of us getting real and getting better,” said Rear Adm. Hines. “The standard for determining whether systems are secure will no longer be based entirely on completing static checklists at regular intervals. Instead, it will be a continuous process of verification and validation of a system’s cybersecurity.”
Everything that exists on the Department of the Navy’s network today must have an ATO, which is a lengthy process generally reevaluated every three years. This is known as a compliance-driven approach. However, with the cyber environment constantly changing, being Cyber Ready equates to continuous monitoring of networks and systems, thus making the system owner responsible for staying up to date and at the ready for someone or something to test the system for vulnerabilities.
“In simpler terms, the Navy used to treat cybersecurity with a ‘set it and forget it’ mentality,” said Rear Adm. Hines, “But Cyber Ready tells us to instead ‘set it…but also monitor, test, check, and continuously look for opportunities to improve it.’”
While National Cybersecurity Awareness Month has come to a close, remember that cybersecurity, while focused on in October, truly has no season and must be prioritized 24/7/365. Thank you for your dedication as we continue to be CYBER WARRIORS!
For the most up to date policy and news about Navy cybersecurity visit doncio.navy.mil and search “cybersecurity.”