Tag Archives: cyber

Navy Culture Must Be Adapted to Fit the Information Age

By Lieutenant Commander Travis D. Howard, USN

A recent independent review of the Navy’s cybersecurity posture, completed in March 2019, was predictably harsh on our Navy’s current culture, people, structure, processes, and resourcing to address cybersecurity.1 For many of us within the Information Warfare discipline, much of this report does not come as a shock, but it does lay bare our cultural, structural, and procedural problems that the Navy has been struggling with since the turn of the century.

The 76th Secretary of the Navy, Richard V. Spencer, should be applauded for enabling open and honest dialogue on the key issues of this report by releasing it for public comment and professional discourse. The review found that the Navy was not “optimally focused, organized, [nor] resourced” for cyberwar.2 Such transparency has been the hallmark of the naval service for centuries, and is largely the reason why such robust professional forums such as the United States Naval Institute (USNI) and the Center for International Maritime Security (CIMSEC) continue to thrive.

The report was particularly critical of the Navy’s culture, stating that the Navy is “preparing to win some future kinetic battle, while it is losing the current global, counter-force, counter-value, cyberwar.”3 The report goes on to recommend that the highest levels of Navy leadership adjust the service’s cultural landscape to become more information-centric, rather than platform-centric. This excerpt is particularly vexing:

“Navies must become information enterprises who happen to operate on, over, under, and from the sea; a vast difference from a 355 ship mindset.”4

In truth, the Navy that acts as an information enterprise and the Navy that pursues the tenants of traditional naval warfare as laid out by naval doctrine are not mutually exclusive. Our drive toward a bigger, better, and more ready Navy, aligned to the National Defense Strategy, requires a naval culture ready for high-end conflict but active and engaged in all levels of conflict below lethal combat. The adoption of information enterprise core principles certainly has a place in our doctrine; in fact, it’s already there but lacks proper execution and widespread cultural adoption as a core competency across all warfare communities. Navy culture can be adapted to better fit the information age, but it will take the entire Navy to do it and not just a single community of effort.

Information is Already in our Doctrine, but Prioritization Must Improve

The 31st Chief of Naval Operations (CNO), Admiral John Richardson, released a Design for Maintaining Maritime Superiority shortly after assuming his role, and recently released an update (Design 2.0) to compliment the 2018 National Defense Strategy. The CNO put information warfare at the center of his strategic thinking, and challenged the Navy’s operational and resourcing arms to “adapt to this reality and respond with urgency.”5 But this change in the security environment wasn’t new to this CNO, in fact, it was foreseen decades ago by thinkers like CAPT (ret.) Wayne P. Hughes, a venerated naval tactician and professor emeritus at the Graduate School of Operations and Information Sciences of the Naval Postgraduate School. Early versions of Hughes’ Fleet Tactics and Coastal Combat, required reading in graduate-level naval officer training, placed information, rapid adoption of technology, and intelligence at the forefront of effective maritime operations in the modern age.6

If we’ve valued information in warfighting all along, then why are we failing to adapt our naval culture to the Information Age? The Cybersecurity Readiness Review cuts straight to the point: “… cybersecurity continues to be seen largely as an ‘IT issue’ or ‘someone else’s problem.’”7 In our haste to stand up a community of practice to do all the cyber things we, as a Navy, failed to make the necessary cultural changes that should have accompanied it.

Why hasn’t the growth of the Information Warfare Community focused the Navy’s culture appropriately? After all, creating such specialized warfare communities has always worked well in the past, as any aviator can attest to. Truthfully, the problem is bigger than just one community; the subsequent decades saw the rise of global information technology as central to nearly everything we do, and every Sailor now uses the network as a primary on-the-job resource. The loss of email, web browsing, and support systems that handle tasks from personnel to logistics can and does result in work stoppage; any assertions to the contrary, that workarounds or manual methods still exist, do not accept the reality of the situation.

Cultural change is long overdue, and just like a Marine or Soldier learns how to handle their weapon safely and effectively from day one, we must now train and mentor our Sailors to use the network in the same vein. No more can we flippantly say “we have people for that” when faced with information management and cybersecurity problems, putting effort into modernizing complex systems and enhancing Information Warfare’s lethality, while ignoring the power a single negligent user could wield to bring it all down. It’s all hands on deck now, or the Navy faces the very real possibility of fumbling the opening stages of the next kinetic fight.

Security is Already an Inherent Part of Navy Culture

The good news is that information security is already an intrinsic part of being a member of the armed forces, uniformed or civil service. Security clearances, safe handling procedures for classified information, and cryptography practices like two-person integrity have been trained into the workforce for decades. Protecting information is as much a part of our culture as operating weapons systems or driving warships.

The Navy’s training machine should find ways to leverage this existing culture of compliance to incorporate dynamic and repetitive ways to reach all Sailors at all stages of development – from boot camp to C school, from initial officer training to graduate school, focused on making each Sailor a harder target for information exploitation. Each engagement should be tailored to fit the environment and to complement subject matter: initial user training should teach how to report spear-phishing, practice OPSEC on social media (and how to spot adversarial attempts to collect against them), and recognizing unusual activity on a network workstation. A more senior Sailor in C-school might learn how to look at cybersecurity from a supervisory perspective, managing a work center and a group of network assets, and how to spot and report insider threats both malicious and negligent. An officer in a naval graduate program, such as at NPS or the Naval War College, would take advanced threat briefings on adversarial activity targeting rank-and-file users on the network, and how to incorporate such threat information into wargaming to inform the strategic and operational levels of war.

Some of these actions are already in the works, but the emphasis should be on how to engage Sailors in multi-faceted, multi-media ways, and repetition is critical. Seeing the same concept in different ways, in different case studies, reinforces better behavior. The Navy is no stranger to this training method: we are masters at repetitive drills to train crews to accomplish complex actions in combat. Reinforcement of this behavior cannot come fast enough. Incidents attributed to negligent network users are on the rise, and cost organizations millions of dollars a year.8 The Navy is no exception: category-4 incidents (improper usage) are too common.

Ultimately, the objective should be a Sailor who understands cyber hygiene and proper use of the network as a primary on-the-job tool, just as well as any Soldier or Marine knows his or her rifle. Sailors go to sea aboard complex warships with integrated networked systems that run everything from Hull, Mechanical, and Electrical (HM&E) systems to combat systems and weapons employment. The computer is our rifle, why shouldn’t we learn how to use it more safely and effectively?

Keys to Success

Cultural change is hard, but lessons learned from our past, best practices from the private sector, and good old fashioned invasive leadership (the kind the Navy does very well) can adjust the ship’s rudder and speed before we find ourselves much further in shoal water.

Top level leadership must set the conditions for success, but they have to believe in it themselves. Our Sailors can easily tell when a leader doesn’t fully commit to action, paying lip service but nothing beyond it. They are also hungry to follow a leader who has a passion for what they do. To effect change, passionate leaders need to take center stage with the authority and resources necessary to translate change into action at the deckplate level. When a Sailor sees a top-level message about a desired change, then sees that change actually happening in their workspace, it becomes real for them. Let’s also trust them to understand the threats, rather than keeping the “scary” threat briefs at the senior levels.

Successes must be celebrated, but failures must have real consequences. It’s time to get serious about stopping insider threats, specifically negligent insiders. Too often the conversation about insider threats goes to the criminal and malicious insiders, ignoring the most common root of user-based attack vectors. Our Sailors must be better informed through regular threat briefings, training on how to spot abnormal activity on the network, and clear, standardized reporting procedures when faced with phishing and other types of user-targeted attacks. Those who report suspicious activity resulting in corrective action should be rewarded. Likewise, those who blatantly ignore established cyber hygiene practices and procedures must face real consequences on a scale similar to cryptographic incidents or unattended secure spaces. This will be painful, but necessary to set our user culture right.

Effective training begets cultural change. We must take advantage of new and innovative training methods to enrich our schoolhouses with multimedia experiences that will reshape the force and resonate with our new generation of Sailors. The annual Cybersecurity Challenge should be retired, its effectiveness has been questionable at best, and replaced with the same level of rigor that we used to attack no-fail topics like sexual assault prevention. With the stand-up of a Director of Warfighting Development (N7), and the lines of effort within the CNO’s Design 2.0 rife with high-velocity learning concepts, the near-future landscape to make this sea change looks promising.9

Conclusion

The Navy has spent the better part of 30 years struggling to adopt an information-centric mindset, and the good news is that operational forces have come a long way in embracing the importance of information in warfare, and how it permeates all other warfare areas. Yet our culture still has a long way to go to break the now dangerously misguided notion that information management and cybersecurity are something that “we have people for” and doesn’t concern every non-IW Sailor. The IW Community has come a long way and can do a lot to further the Navy’s lethality in space, cyberspace, and the electromagnetic spectrum, but it can’t fix an entire Navy’s cultural resistance to change without strong assistance.

Secretary Spencer, in his letter introducing the public release of the 2019 Cybersecurity Readiness Review, noted that “the report highlights the value of data and the need to modify our business and data hygiene processes in order to protect data as a resource.”10 He highlighted that cross-functional groups were already underway to address the findings in the report, and surely the machinations of the Navy Headquarters are more than capable of making the necessary changes to the Navy’s “policy, processes, and resources needed to enhance cyber defense and increase resiliency.”11 But culture, that’s all of us, and we must be biased toward change and improvement. We are the generation of naval professionals who must adapt to this reality and respond with urgency.

Lieutenant Commander Howard is an Information Warfare Officer, information professional, assigned to the staff of the Chief of Naval Operations in Washington DC. A prior enlisted IT and Surface Warfare Officer, his last operational assignment was as the Combat Systems Information Officer aboard USS ESSEX (LHD 2) in San Diego, CA.

References

[1] The Hon. Michael J. Bayer, Mr. John M. B. O’Connor, Mr. Ronald S. Moultrie, Mr. William H. Swanson. Secretary of the Navy Cybersecurity Readiness Review (CSRR), March 2019. https://www.navy.mil/strategic/CyberSecurityReview.pdf

[2] Ibid

[3] Ibid

[4] Ibid

[5] Chief of Naval Operations, December 2018. Design for Maintaining Maritime Superiority, Version 2.0. https://www.navy.mil/navydata/people/cno/Richardson/Resource/Design_2.0.pdf. p. 3

[6] Wayne P. Hughes, 2000. Fleet Tactics and Coastal Combat. Annapolis, MD: Naval Institute Press.

[7] Bayer, et al., CSRR 2019, p. 12

[8] Security Magazine, Apr 24, 2019. “What’s the Average Cost of an Insider Threat?” https://www.businesswire.com/news/home/20180424005342/en/Research-Ponemon-Institute-ObserveITReveals-Insider-Threat

[9] CNO, Design 2.0, p. 13

[10] Secretary of the Navy, 12 Mar 2019. Letter accompanying public release of the CSRR 2019. https://www.navy.mil/strategic/SECNAVCybersecurityLetter.pdf.

[11] Ibid.

Featured Image: U.S. 7TH FLEET AREA OF OPERATIONS (Oct. 16, 2015) Operations Specialist 1st Class Keith Tatum, from Americus, Georgia, stands watch in the Combat Information Center (CIC) aboard the guided-missile cruiser USS Normandy (CG 60) during an air-defense exercise as a part of the joint exercise Malabar 2015. Malabar is a continuing series of complex, high-end warfighting exercises conducted to advance multi-national maritime relationships and mutual security. Normandy is deployed to the U.S. 7th Fleet area of operations as part of a worldwide deployment. (U.S. Navy photo by Mass Communication Specialist 3rd Class Justin R. DiNiro/Released)

The Future of Information Combat Power: Winning the Information War

By VADM T.J. White, RDML Danelle Barrett, and LCDR Robert “Jake” Bebber

Imagine you are the Information Warfare Commander (IWC) of a coalition naval task force in the South China Sea in 2033. The task force’s mission is to deliver combat power in support of the Commander’s campaign objectives. As the IWC, you are simultaneously a “supporting” and “supported” commander. You execute multiple lines of operations across the full-spectrum of influence, information, and cyberspace. The other warfare commanders – strike, air defense, and sea combat – rely on you to understand their fight and fuel their decision-making with precision information, while simultaneously conducting an integrated high-end fight in and through the information domain leading to warfighting outcomes. The information domain is vast, it can be both localized and completely global, interweaving through all other domains of war.

Cyberspace and the Electromagnetic Spectrum are material realizations of the information domain, whether midpoint or endpoint, Internet Protocol or radio frequency, defense or attack, this is where you fight, for there is only one network separated in time. The arsenal of interoperable weapons and systems, manned and unmanned platforms, at the Commander’s disposal to execute and sustain a campaign requires all that you can bring to bear from across your composeable force to achieve unmatched distributed lethality. You have the authorities to execute full-spectrum information warfare to:

  • Reach intended audiences and decision-makers to alter adversary courses of action to our advantage;
  • Protect coalition decision-making;
  • Seize and hold at risk adversary cyberspace;
  • Defend our interests in and through cyberspace;
  • Compete and Win.

Technological capabilities are advancing at an exponential rate while also converging with each other, creating new capabilities for both you and your adversary. When those are combined with people and processes, they provide significant operational advantages, enabling us to simultaneously contest adversary actions in cyberspace, land, sea, air, and space. Future warfighting, enabled by these emerging technologies, is necessary to adapt, develop, and execute new, more lethal operational methods. The future IWC must foster an intuitive ability in themselves and across their force to recognize these emergent opportunities, seize them with deliberate intent, and be comfortable with a battlespace changing at an unprecedented rate. As “maestro” of the Information Warfare afloat symphony, you understand the potential power of full-spectrum, integrated information warfare. You guide your force to realize that potential by opportunities seized and effects achieved.

This requires serious forethought and planning to make certain the force – human and platform –  is prepared to orchestrate effects in this type of environment. It demands a certain mentality and type of thinker – agile, adaptive, innovative, willing to take calculated risks with speed; an aggressive change agent. Thinking like a futurist and being comfortable with being uncomfortable should be part of the IWC job description. As the IWC, you see the convergence of people, information, and machines as your domain and how the Navy makes that our warfighting gain.

The complex interactions within the information environment and ecosystem expose new vulnerabilities to pre-emptively close or seize. Space, cyberspace, and the electromagnetic spectrum must be protected from disruption by sophisticated and increasingly aggressive adversaries. These domains are contested ecosystems in which you as the IWC must align kinetic and non-kinetic fires, synchronized alongside other operations. At your disposal are surface, subsurface, air, and space autonomous vehicles that can reason, recommend actions, and execute within prescribed rules of engagement. Autonomous information warfare platforms are hyper-connected with manned units using both laser and radio frequency communications links, complicating an already congested spectrum. The ability to tie all these elements together into the fleet tactical grid, coupled with advanced data analytics and machine learning, are required to prevail in our highly contested battlespace.

Additionally, platforms are equipped with quantum computers networked across 24 time-zones. Secure cloud-networked afloat “information warfare vaults” at the tactical edge project combat power and provide the bandwidth, security, and resiliency needed to fight through information disruption and denial. Our peer adversaries have rapidly advanced their capabilities in parallel. Inexpensive and ubiquitous technology has eroded the qualitative operational advantages we once enjoyed. Our force must be postured to deny the information space to adversaries who wish to hold our national interests at risk. Resilience in your operations presents both sides of the coin; challenge and opportunity.

We observed a sea change in operational focus, due to the vastly different threat outlook outlined 17 years earlier in the 2018 National Defense Strategy (NDS). In 2033 we face new and emerging threats that were not imagined then. For example, miniaturized computing coupled with advanced robotics on autonomous Artificial Intelligence (AI) vehicles have fundamentally changed maritime warfare. The rules of engagement are different and include means for AI in those autonomous vehicles to even make ethical decisions about warfare. Our adversaries no longer conform to Geneva Convention rules having judged them anachronistic for the current fight. As IWC you have a keen sense of how these factors govern our own warfighting actions, how the adversaries don’t behave in accordance with traditionally accepted rules of warfare, and how to incorporate all of these factors for an information advantage that ensures our lethality.

Since 2000, the U.S. and China have been engaged in a fierce technological arms race, with AI at the forefront beginning 2018. Each amassed complicated autonomous combat platforms that can reason, recommend, and make decisions depending on their programming and their ability to learn. China made significant investments in people, processes, and technology (not always their own) to ensure dominance in AI and quantum computing. They have long held a strategic national objective to be the world leader in AI, working tirelessly to shape information interactions globally. What started in the early stages of Chinese and American research companies developing AI programming that defeated the world’s greatest chess and Go masters, has progressed to unprecedented computing capability far exceeding the capacity of the human brain.

Physical devices such as automobiles, appliances, phones, and homes were embedded with sensors, software, and actuators connected to share data and control actions across an “Internet of Things.” This similarly transformed maritime operations. Strategic competitors like Russia and China added disruptive tools to their information arsenal to achieve warfighting maritime effects like operational technology disruption in navigation, propulsion. and other control systems. As the IWC, you understand how to stay one step ahead of potential adversaries by leveraging those same technologies and capabilities, integrating them into the fight, and denying enemy use.  

Your superior AI is a game changer enabling you to stay ahead. It correlates thousands of factors in real time yielding a tactical picture not disconnected from operational significance. Advanced modeling and simulation of possible enemy courses of action at the tactical edge provides you with recommended countermeasures. Real-time assessment of network conditions yields the means to communicate securely over vast distances to execute distributed operations. Because it processes vast quantities of data in fractions of a second, AI quickly learns, grows, and adapts within a rules framework such as command relationships, rules of engagement, campaign phasing, weight, level of effort, all covering multiple branches and sequels to operational plans. Your team provides the necessary “man in the loop” understanding and maintaining of Commander’s intent and strategic guidance. AI supports your maritime forces by providing courses of action based on analysis of massive amounts of sensor data and information from ashore and organic afloat sources. The key to this operator extended reality (clearer sight picture, farther reach, faster decision) is data veracity – a combination of data trustworthiness and core common data standards across and within the information kill chain. Warfighting decisions are made more quickly and reliably, even factoring ethical and moral elements into the calculus. Only in the most sensitive warfighting scenarios are humans used as the last deciding factor for weapons employment.

The Navy moved boldly to get here by 2033. The information race was not an easy lift. There were practical modernization, structural, and cultural challenges for the Navy to quickly integrate and adapt processes to leverage new technology on aging platforms, new ideas by old warriors, and to build the new platforms with the flexibility to insert emerging technology at a significantly accelerated rate. In 2018, the Navy’s acquisition and programmatic processes were slow, built for the industrial era. The Navy recognized this and changed. It forced creative solutions in how it imagined, researched, built, fielded, and sustained new technology. An example of this was their move to commercial cloud to more quickly deliver lethal technologies and advanced data analytics to the tactical edge of fleet operations. Continued reforms streamlined the traditional acquisition processes so that by 2033 new capabilities are continuously delivered in increments vice in their entirety over decades, ultimately yielding the agility we require for the fight.

More important than improved acquisition processes is flexibility in how our most important treasure – our people – are missioned. To protect platform networks and exploit information advantages in 2018, the Navy began deploying cyber development units, Sailors specially trained who came with their own “cyber kit,” able to build tools “on the fly” to meet emerging priorities. By 2033, training, education, and organic platform capability have resulted in full spectrum cyber and information operations from sea. As the IWC, you recognize processes and people are just as critical to excellence in the information domain as the technology. You deliberately combine these three elements for warfighting supremacy.

In 2033 you also have the authority to execute influence operations to shape the maritime and littoral battlespace. History from prior to 2018 demonstrated that peer adversaries like Russia and China quickly organized social media and public demonstrations around the world in support of their strategic objectives in the Ukraine, Southeast Asia, and America. In 2033, influence actions at the tactical and operational level are designed and executed by you and aligned to strategic objectives including targeted messaging on social media; suppressing, changing, or interfering with adversary maritime messaging to their audiences; or targeting dual-use entities that support adversary maritime sustainment.

So how is this all playing out operationally in the total fight in 2033? Back in the South China Sea, as IWC you are coordinating with our coalition partners as a task force quietly slips out of San Diego. Under the guise of a planned international naval exercise, this force would include a Japanese “helicopter-destroyer” with a mix of Japanese F-35s and older V-22s, as well as a French frigate. To keep the Chinese unaware, the carrier fleet remains in port. The command ship, a Zumwalt-class guided missile destroyer, and two of the newest unmanned guided missile frigates lead the force. An American cruise missile submarine, which departed two weeks prior from the U.S. mainland, avoids the extensive Chinese underwater sensor networks that stretch to Hawaii.

A key component to this lethal task force are those virtually undetectable unmanned surface and subsurface “sensor/shooter” vessels. These platforms use secure and resilient quantum-encrypted relays to massively powerful shipboard data clouds. This cloud ecosystem leverages advanced heuristics and machine-language algorithms correlating sensor production and dissemination of information in the context needed for action to humans and weapons systems. Task Force vessels spread across the Pacific, link land-and-space-based intelligence and surveillance collection and long-range ballistic missiles with Air Force B-52 “arsenal” planes loaded with hypersonic, anti-ship, and anti-air missiles. This powerful manned and unmanned naval force is part of a larger coalition response, sent as a bulwark between Vietnamese islands and the oncoming Chinese amphibious fleets. The Task Force Commander relies on you to execute denial and deception to confound the adversary and maintain tactical situational awareness (EMCON, counter-ISR and counter-targeting systems). You deftly impact adversary behavior through advanced influence operations executed against their maritime forces, partners, and logistics lines of communication. You and the converged human and machine team leverage the entire electromagnetic spectrum, from space to undersea and linked to assessment and intelligence nodes via tactical and operational level “cloud”-based quantum computing systems to proactively analyze, disseminate and act on information. Synchronized human-AI teams dynamically model, wargame, and execute pre-planned and improvised tactical actions and operational movements to prevent detection. Commander confidence is high in the human-augmented teams to quickly and accurately identify potential second and third order effects across an integrated battle space. You provide the Commander with the information warfare options needed to deter, and if necessary, defeat adversary forces. Your Commander has the highest levels of force readiness and uses technology to help maintain that state. The symbiotic relationship between machine and human extends down to the individual Sailor and platform as Sailor health and readiness are continuously monitored via implants and sensors, enabling your Commander to immediately recalibrate force distribution should you begin to take casualties.

Before a shot is fired, the Commander knows she will win the information war, enabling success in the overall campaign. You as the IWC will give her that tactical and operational win as the conductor orchestrating the elements together for mission success.

In a data-rich and knowledge-poor circumstance, challenged with sophisticated competitors, as IWC you will be more than just the conductor of this information orchestra; you will be the instrument builder and tuner, the composer, and the producer. You will rely on advanced technologies and computers to perform the heavy lifting so our forces can act dynamically with precision and purpose. Modern information warfare requires this nimble shift from orchestra to jazz, or to the raw power and disruption of punk rock.

If you are interested in joining, contact the iBoss.

Vice Adm. Timothy “T.J.” White currently serves as the Commander, U.S. Fleet Cyber Command and Commander, U.S. 10th Fleet at Fort Meade, MD. A leader in the Navy’s Information Warfare Community, White originally served as a surface warfare officer before being designated as a cryptologic warfare officer. He is a graduate of the U.S. Naval Academy and has postgraduate degrees from the Naval Postgraduate School and the National Defense University-Industrial College of the Armed Forces. He is also a Massachusetts Institute of Technology Seminar XXI fellow. He is a native of Spring, TX. 

Rear Adm. Danelle Barrett is serving as the Navy Cyber Security Division Director on the staff of the Deputy Chief of Naval Operations for Information Warfare (N2N6) in the Pentagon. An Information Professional, she graduated from Boston University where she received her commission via the Naval Reserve Officers Training Corps program. She holds Masters of Arts degrees in Management, National Security/Strategic Studies, and Human Resources Development and a Master’s of Science in Information management. Barrett has published more than 29 professional articles. 

Lieutenant Commander Robert “Jake” Bebber was commissioned through the Officer Candidate School program. An Information Warfare professional, Bebber holds a Ph.D. in Public Policy, a Master’s in Public Administration and a Master’s In National Security and Strategic Studies, as well as a BA in Political Science from Stetson University. He currently is assigned to the staff of Commander, Carrier Strike Group 12 on board USS Abraham Lincoln as the Cryptologic Resource Coordinator.

Featured Image: PHILIPPINE SEA (JUNE 21, 2016) Sonar Technician (Surface) 3rd Class Michael E. Dysthe stands watch in the combat information center during a anti-submarine warfare exercise aboard the Ticonderoga-class guided-missile cruiser USS Chancellorsville (CG 62). (U.S. Navy photo by Mass Communication Specialist 2nd Class Andrew Schneider/Released)

Why It Is Time For a U.S. Cyber Force

By Dave Schroeder and Travis Howard

The proposal to create a U.S. Space Force has cyber professionals wondering about the government’s national security priorities. While spaceborne threats are very real — some of which cannot be suitably described in a public forum — the threats posed in cyberspace have been all too real for over a decade, and include everything from nuisance hacks by nation-states, to the weaponization of social media, to establishing beachheads on our nation’s electric grid, or the internet routers in your own home.

Since 2009, incremental improvements have been made to the nation’s ability to operate in cyberspace during this period. The establishment of U.S. Cyber Command (USCYBERCOM) — first subordinate to U.S. Strategic Command, and then elevated to a Unified Combatant Command (UCC) — and the formation of the 133 teams that comprise the Cyber Mission Force (CMF) are chief amongst them.

Yet despite all of the money and attention that has been thrown at the “cyber problem” and for all of the increased authorities and appropriations from Congress, the nation’s offensive and defensive cyber capabilities suffer from inefficiency and a lack of a unified approach, slow to non-existent progress in even the most basic of cybersecurity efforts, and a short leash that is inconsistent with the agility of actors and adversaries in cyberspace. Our adversaries continue to attack our diplomatic, information, military, economic, and political systems at speeds never before seen.

The discourse surrounding the formation of a dedicated service for space defense has captured the American imagination, and for good reason. Since World War II, America has shown her ingenuity and innovation, and the success of the U.S. Air Force provides a historical model for how a combat-ready, specialized fighting force can be built around a new warfighting domain. However, a force structure has already taken shape within the U.S. military that would logically translate to its own service, and the operational culture it would both allow and cultivate would greatly enhance the effectiveness of national security.

It is past time to form the U.S. Cyber Force (USCF) as a separate branch of the United States Armed Forces.

America’s Position in Cyberspace is Challenged Daily — but it can be Strengthened

It’s no surprise that a wider breadth of adversaries can do more harm to American interests through cyberspace than through space, and for far less cost. In the aftermath of the 2008 Russo-Georgian War — the cyber “ghosts” of which are still alive and well in 2018 — Bill Woodcock, the research director of the Packet Clearing House observed, “You could fund an entire cyberwarfare campaign for the cost of replacing a tank tread, so you would be foolish not to.”

Deterring and responding to Russian hybrid warfare in cyberspace, countering Chinese cyber theft of U.S. intellectual property, shutting down state and non-state actor attacks, defending American critical infrastructure — including the very machinations of our democracy, such as voting and political discourse and even cyber defense of U.S. space assets are just some of the heavy-lift missions that would occupy a U.S. Cyber Force.

Admiral (retired) Jim Stavridis recently described four ways for the U.S. and allied nations to counter challenges like the weaponization of social media and multifaceted information warfare campaigns on Western democracy: public-private cooperation, better technical defenses, publicly revealing the nature of the attacks (attribution), and debunking information attacks as they happen. A dedicated U.S. Cyber Force, with the proper ways and means to do so, could accomplish all of these things, and be a major stakeholder from day one.

Admiral (ret.) Mike Rogers, former Director, National Security Agency (NSA)/Chief, Central Security Service (CSS) and Commander, USCYBERCOM, in his 2017 testimony before the Senate Armed Services Committee, cautioned against prematurely severing the coupling of cyber operations and intelligence that has been the hallmark of any success the U.S. has thus far enjoyed in cyberspace. General Paul Nakasone, the current DIRNSA/CHCSS and Commander, USCYBERCOM, made the same recommendation in August 2018. Despite increased resourcing of USCYBERCOM by both Congress and the Executive Branch, operational authorities in cyberspace are hamstrung by concerns about blending Title 10 military operations with Title 50 intelligence activities, along with negative public perception of the NSA. The relationship between USCYBERCOM and NSA requires a complicated (and classified) explanation, but blending cyber operations with rapid, fused intelligence is vital, and go hand-in-hand — to separate them completely would be to take the leash that already exists around USCYBERCOM’s neck and tie their hands with it as well. Offensive and defensive operations in cyberspace are two sides of the same coin — and intelligence is the alloy between them. Standing up a U.S. Cyber Force would also enable a deliberate re-imagining of this unique symbiosis, and a chance to — very carefully — lay out lines of authority, accountability, and oversight, to both prevent overreach and justifiably earn public trust.

The above challenges could be addressed in part by refining the existing structures and processes, but the real sticking point in USCYBERCOM’s sustainment of fully operational cyber forces lies in how we build forces ready to be employed. Force generation of the CMF through the various armed services’ manning, training, and equipping (MT&E) their own cyber warriors is an inefficient and weak model to sustain a combat ready force in this highly-specialized and fast-moving mission area.

Cyber resources play second-fiddle to service-specific domain resourcing; for example, the Department of the Navy has an existential imperative to resource the maritime domain such as shipbuilding and warplanes, especially during a time of great power competition. The cyber mission is secondary at best, and that’s not the Navy’s fault. It just simply isn’t what the Navy is built or tasked to do. This same reality exists for our other military services. Cyber will always be synergistic and a force multiplier within and across all domains, necessitating the need for the services to retain their existing internal cyber operations efforts, but feeding the joint CMF is ultimately unsustainable: the CMF must sustain itself.

The Cyber Force is Already Taking Shape

USCYBERCOM, NSA, the 133 teams comprising Cyber Mission Force — are approaching full operational capability in 2019 — and the operational and strategic doctrine they have collectively developed can now more easily transition to a separate service construct that more fully realizes their potential within the joint force. There is a strong correlation here with how the U.S. Army Air Force became the U.S. Air Force, with strong support in Congress and the approval of President Truman. The DoD has begun revising civilian leadership and building upon cyber subject matter expertise, as well, with the creation of the Principal Cyber Advisor (PCA) to the Secretary of Defense — a position that Congress not only agreed with but strengthened in the Fiscal Year 2017 National Defense Authorization Act. Such a position, and his or her staff, could transition to a Secretary of the Cyber Force.

The footprint would be small, and room in Washington would need to be carved out for it, but the beginnings are already there. Cyber “culture” — recruiting, retention, and operations — as well as service authorities (blending Title 10 and Title 50 smartly, not the blurry “Title 60” joked about in Beltway intelligence circles) would all benefit from the Cyber Force becoming its own service branch.

Perhaps one of the greatest benefits of a separate cyber branch of the armed forces is the disruptive innovation that would be allowed to flourish beyond the DoD’s traditional model of incremental improvement and glacial acquisition. The cyber domain, in particular, requires constant reinvention of techniques, tools, and skillsets to stay at the cutting edge. In the early 2000s, operating in a cyber-secure environment was thought to mean a restrictive firewall policy coupled with client-based anti-virus software. In 2018, we are developing human-machine teaming techniques that blend automation and smart notifications to fight and learn at machine speed. Likewise, the traditional acquisition cycle of military equipment, often taking 4-6 years before prototyping, just doesn’t fit in the cyber domain.

In short, the “cyber culture” is an incubator for innovation and disruptive thinking, and there are professionals chomping at the bit for the chance to be a part of a team that comes up with new ideas to break norms. A dedicated acquisition agency for cyber would be an incubator for baked-in cybersecurity controls and techniques across the entire DoD acquisition community. The Defense Innovation Unit (DIU) — recently shedding its Experimental “x” — is proving that something as simple as colocation with innovation hubs like California’s Silicon Valley and Austin, Texas, and a willingness to openly engage these partners, can deliver innovative outcomes on cyber acquisition and much more. Similarly, the Cyber Force must be free to exist where cyber innovation lives and thrives. 

Creating the USCF has other benefits that would be felt throughout the military. The Army, Navy, Marines, and Air Force, relieved of the burden of feeding the offensive and national CMF and paying their share of the joint-force cyber bill, can better focus on their core warfighting domains. This doesn’t absolve them of the need for cybersecurity at all levels of acquisition, but a USCF can be an even greater advocate and force-multiplier for DoD cybersecurity efforts. Services can and should retain their service-specific Cyber Protection Teams (CPTs), which could be manned, trained, equipped, and tactically assigned to their service but also maintain ties into the USCF for operations, intelligence, and reachback. Smart policies and a unity of effort can pay big dividends here, as the services would naturally look to such an organization as the resident experts.

Extreme Challenges with Existing Forces

Much has been made of the extensive difficulties faced by our military services for the recruiting and retention of cyber expertise in uniform. Brig. Gen. Joseph McGee, Deputy Commanding General (Operations), Army Cyber Command (ARCYBER), described an example in which a talented cyber prospect “realized he’d make about the same as a first lieutenant as he would in a part-time job at Dell.” Examples like this are repeated over and over from entry-level to senior positions, and everything in between, on issues from pay to culture. In the military, being a cyber expert is like being a fish out of water.

The service cyber and personnel chiefs have made a clear case before the Armed Services Committees of both houses of Congress for the urgent need for flexibility on issues such as rank and career path for cyber experts specifically. Cyber needs were repeatedly cited as the rationale for the need for changes to restrictive military personnel laws. Many of these items were indeed addressed in the Fiscal Year 2019 (FY19) National Defense Authorization Act (NDAA), with provisions which may now be implemented by each service in what is hailed as the biggest overhaul to the military personnel system in decades:

  • Allow O-2 to O-6 to serve up to 40 years without promotions, or continue service members in these grades if not selected for promotion at a statutory board
  • Ability for service members to not be considered at promotion boards “with service secretary approval” — for instance, to stay in “hands on keyboard” roles
  • No need to meet 20 years creditable service by age 62 for new accessions (no need for age limit or age waiver above 42 years old for direct commissions)
  • Direct commissions or temporary promotion up to O-6 for critical cyber skills

But even these provisions do not go far enough, and the services are not obligated to implement them. When the challenges of pay, accessions at higher rank, physical fitness, or military standards in other areas come up, invariably some common questions are raised.

A common question is why don’t we focus on using civilians or contractors? In the case of naval officers, why don’t we make them Staff Corps (instead of Restricted Line), like doctors and lawyers who perform specialized functions but need “rank for pay” and/or “rank for status?” What about enlisted specialists versus commissioned officers?

The answer to the first question is easy in that we do use civilians and contractors across the military, extensively. The reason this is a problem is that we also need the expertise in uniform, for the same legal and authorities reasons we don’t use civilians or contractors to drive ships, lead troops, launch missiles, fly planes, and conduct raids.

As for making them Staff Corps officers or equivalent in the other services, the Navy, for instance, has been talking about going the other direction: making officers in the Navy Information Warfare community designators (18XX) unrestricted line, instead of restricted line, like their warfare counterparts, or doing away with the unrestricted line vs. restricted line distinction altogether. This is a matter of protracted debate, but the reality is that some activities, like offensive cyberspace operations (OCO) and electronic attack (EA), are already considered forms of fires under Title 10 right now — thus requiring the requisite presence of commissioned officers responsible and accountable for the employment of these capabilities. The employment of OCO creates military effects for the commander, and may someday be not just a supporting effort, or even a main effort, but the only effort, in a military operation.  

Under the Navy’s Information Warfare Commander Afloat Concept, for the first time the Information Warfare Commander of a Carrier Strike Group, the Navy’s chief mechanism for projecting power, can be a 18XX Officer instead of a URL Officer. If anything, we’re shifting more toward URL, or “URL-like”, and the reality of the information realm as a warfighting domain is only becoming more true as time goes on, if not already true as it stands today.

So what about our enlisted members? They’re doing the work. Right now. And the brightest among them are often leaving for greener pastures. But still for reasons of authorities, we still need commissioned officers who are themselves cyber leaders, subject matter experts, and practitioners.

None of this is to say that direct commissioning of individuals with no prior service as officers up to O-6 is the only solution, or that it would not create new problems as it solves others. But these problems and all of the concerns about culture shock and discord in the ranks can also be solved with a distinct U.S. Cyber Force which accesses, promotes, and creates career paths for its officers as needed to carry out its missions, using the full scope of flexibility and personnel authority now granted in the FY19 NDAA.

Another major challenge is the lack of utilization of our reserve components. Many members of our reserve force have multiple graduate degrees and 10-15 years or more of experience, usually in management and leadership roles, in information technology and cybersecurity. We have individuals in GS/GG-14/15 or equivalent contractor and other positions, who are doing this work, every day, across the Department of Defense (DOD), the Intelligence Community (IC), academia, and industry.

Yet reservists are currently accessed at O-1 (O-2 under a new ARCYBER program), need to spend 3-5 years in training before they are even qualified to mobilize, or for the active components to use in virtually any operational or active duty capacity. And that’s after doing usually a year or more of non-mobilization active duty, for which nearly all employers don’t give differential pay because of existing employment policies, including in federal GS/GG positions.

We have very limited mechanisms and funding sources to even put reservists on active duty at NSA or USCYBERCOM, where our service cyber leadership repeatedly states we need people the most. And in the rare instances we manage to put people on some type of active duty in a cyber role in their area of expertise, it often is not a “mobilization” under the law — which means a person is now an O-2 or O-3, and with that “level” of perceived authority and experience to those around them. And they often just left their civilian job where they are recognized as a leader and expert — and easily make $200k a year.

National Security Operations Center (NSOC) c. 1985 — National Cryptologic Museum

Most people appreciate that you can’t just magically appear as an O-6, and have the same depth, breadth, and subtlety of experience and knowledge as a O-6 with 25 years in uniform. Yet these O-6s, as well as general and flag officers, routinely retire and assume senior leadership positions in all manner of public and private civilian organizations where “they don’t know the culture” — because they’re leaders.

So while a person off the street doesn’t have the same level of understanding of the military culture, it’s incorrect to say they can’t innovate and lead on cyber matters — to include in uniform as a commissioned officer. We’re not so special to imply that you can’t lead people and do the critical work of our nation, in uniform, unless you’ve “put in your time” in a rigid career path. It’s time to change our thinking, and to establish a military service to support the realities of that shift.

Recommendations

The call for a dedicated cyber branch of the U.S. Armed Forces is not new. Admiral (ret.) Jim Stavridis and Mr. David Weinstein argued for it quite passionately in 2014, calling on national leaders to embrace cyber innovation and imploring us to “not wait 20 years to realize it.” Great strides have been made in the four years since that argument was made, and we are closer than ever to realizing this vision. It will take a focused effort by Congress and the president to make this happen, as it did with the U.S. Army Air Forces becoming the U.S. Air Force in 1947. A tall order, perhaps, in today’s political environment, but not impossible, especially given the desire to compromise on issues of national defense and when both Republicans and Democrats alike are seeking wins in this column.

To summarize: the threat is eating our lunch, USCYBERCOM and the CMF are nearly ready to transition to their own service branch, and the benefits of doing so are numerous:

  • Sensible use of resources spent on cyberspace operations
  • An incubator of disruptive and rapid innovation in the cyber domain
  • Improved oversight and accountability by policy and under U.S. Code
  • More efficient and sustainable force generation and talent retention
  • Better alignment of service-specific core competencies across all warfighting domains
  • Synergy with a unified space commander (such as cyber protection of satellite constellations)

The United States House of Representatives recently ordered the Government Accountability Office (GAO) to begin an assessment on DoD cyberspace operations as part of the FY19 NDAA. This study, due to Congress in 2019, should prove enlightening and may become a foundational effort that could be built upon to explore the feasibility of establishing the U.S. Cyber Force as a new branch of the Armed Forces. Congress could order this as soon as FY21, with the Cyber Force fully established by the mid-2020s (blazingly fast by federal government standards, but no faster than the proposed Space Force).

Conclusion

The President has also now relaxed rules around offensive cyberspace operations, perceiving the urgent need to respond more quickly to cyber threats and cyber warfare directed at the United States. We have a great stepping stone in USCYBERCOM, but with no plans to take it to the next step, even a dedicated combatant commander for the cyber domain will face challenges with the above issues for the duration of its lifespan. Similar to how we are just becoming aware of space as a distinct warfighting domain, cyber has already been a warfighting domain since the beginning of the 21st century. The time for a U.S. Cyber Force is now. The threat in cyberspace, and our underwhelming response to it thus far, cannot wait.

Travis Howard is an active duty Navy Information Professional Officer. He holds advanced degrees and certifications in cybersecurity policy and business administration, and has over 18 years of enlisted and commissioned experience in surface and information warfare, information systems, and cybersecurity. Connect with him on LinkedIn.

Dave Schroeder served as a Navy Cryptologic Warfare Officer and Navy Space Cadre, and is Program Manager for IWCsync. He serves as a senior strategist and cyber subject matter expert at the University of Wisconsin–Madison. He holds master’s degrees in cybersecurity policy and information warfare, and is a graduate of the Naval War College and Naval Postgraduate School. Find him on Twitter or LinkedIn.

The views expressed here are solely those of the author and do not necessarily reflect those of the Department of the Navy, Department of Defense, the United States Government, or the University of Wisconsin–Madison.

Featured Image:  National Security Operations Center floor at the National Security Agency in 2012 (Wikimedia Commons)

Three Hard Questions for U.S. Maritime Strategy in a Digital Age

By Frank T. Goertner

From the White House to the Pentagon, the message is clear. The world of 21st Century great power competition has arrived, and it is distinctly different from the one today’s U.S. national security enterprise was designed to confront. Now is the time for every agency, department, and service in the executive branch to ask itself hard questions and consider decisive change.

Nowhere is the imperative for introspection more acute than in the U.S. Navy, Marine Corps, Coast Guard, and Merchant Marine. They are the sea services responsible for sustaining American sea power; their forces the guarantors of maritime superiority for a maritime nation. Moreover, their leaders are the custodians of the national assets most threatened by the rise of China and Russia as new global rivals in the maritime domain.

With this in mind, it is time to consider whether the emergent norms of this new era of great power competition also warrant a campaign to rethink the functions and missions of these sea services. Is now the time for a new maritime strategy for the United States?

The answer is yes. Three hard questions point to why.

What Will We Do if the Lights Go Out?

The sea services have always been on the nation’s first line of defense against threats to national interests and on the first line of response to disasters at home and abroad. Traditionally this has taken the form of sustaining and guarding physical sea lines of communication (SLOCs) that connect the United States to other maritime nations, while exercising readiness to project military power or render disaster response to physical crises around the globe. 

The current maritime strategy of the United States bins these roles into five enduring functions – deterrence, sea control, power projection, maritime security, all domain access – and promotes seven naval missions – defend the homeland, deter conflict, respond to crises, defeat aggression, protect the maritime commons, strengthen partnership, and provide humanitarian assistance/disaster response. Anyone capable of tracking their way through these lists as they read the document is then offered a tour of U.S. maritime capabilities as they relate to each of these functions and roles. En route, they will find sound justification for everything the sea services are doing today. What they will not find is precise direction on how they should change to confront the future of maritime competition. 

This is a problem. China and Russia are both developing capabilities that could fundamentally change the character of contests at and from the sea.  They are investing in unprecedented capacity for new means of physical and digital coercion. Russia brands it Information Confrontation. For China, it is Low Intensity Coercion and Intelligentized Warfare. Each involves developing sophisticated offensive cyber doctrine, investments in high-end electromagnetic pulse weaponry, and capabilities to disrupt critical communications architecture around and beneath the sea. In early phases of escalation or conflict, it is fully plausible either rival could disrupt civil communications, impair digital infrastructure, and impede electrical services across large swaths of the United States. 

The implications for the future sea services are profound. Each must prepare to defend against digital coercion by maritime rivals and to protect new digital SLOCs for future maritime operations. What are the means by which the sea services could align with other national instruments of power to deter such coercion in peace and in war, and what could each sea service offer the nation in the worst-case that deterrence fails? Could the Navy and Merchant Marine deliver power-generating capacity and internet services from the sea? Could the Coast Guard help reestablish communications between coastal U.S. hubs? Could the Marine Corps help rebuild and defend critical digital nodes and infrastructure? Who would repair the undersea cables and defend them against further attack? In sum, the sea services need a strategy that evolves beyond today’s functions and missions, and toward defining future means to protect America against 21st Century coercion and be ready to respond if the lights go out.  

What if the Oceans Turn Transparent?

One of the tenets of naval strategy has always been the vastness of the world’s oceans. There has traditionally been so much water, with so much activity occurring within and around it, that it was inconceivable any nation could capture and make sense of it all. Any ship at sea was not just the proverbial needle in a haystack. It was a moving needle among hay that was tossing, turning, and even inhabited.

The best navies in history have applied this tenet to their advantage. They developed navigational and communications techniques to maintain the edge over rivals in knowing where their ships were among others in the haystack, along with the fastest ships to traverse the open ocean swiftly or furtively. Maintaining that part has always been hard, demanding continual progress in command, control, and communications technology in platforms built to leverage every boundary of physics they could challenge. On the other hand, hiding has historically been easy. It has been a matter of either knowing where to hide in the ocean’s multi-layered domain or reducing physical signature enough to look like other needles or hay in the stack.   

For the first time in history, there is evidence that this may all be about to change. With the emergence of a globalized sensor-based economy, the world is on track to host more than 50 billion “smart” devices and one trillion digitally connected sensors by the early 2020s. Of course those won’t all be sensing the maritime domain, but many will be. 

They will be mass-manufactured in a host of sizes and configurations and employed on long-endurance drones on and above the ocean’s surface, in nano- and micro-satellites in space, or scattered along the coasts and sea-bed. They will be employed in abundance on military, commercial, and possibly even biological platforms; collecting, deciphering, and transmitting the data of the seas.

For the aggregators of this data, virtually everything in the haystack could be visible – critical portions of the oceans will be effectively transparent. Yet that is only half the problem. Development and operationalization of Artificial Intelligence (AI) and autonomous systems, alongside advances in quantum computing and radar, offer the promise of harnessing machine processors to discern patterns in the data such that nearly every needle can be found, or at least rendered probabilistically present, with greater accuracy than humans have ever achieved. 

The impact on the future sea services will be immense. Postures of passive defense will no longer be enough to protect their assets at sea. Is the United States ready for a fight in which the competition for sensor saturation and AI dominance is a core determinate of victory at and from the sea? Are the sea services prepared for an operating environment in which maneuver among rival maritime forces becomes an active game of confounding the predictive analytics of rivals and finding novel ways to hide in the clutter of the oceans’ dynamics? And perhaps of greatest concern, what if the transparency extends below the sea surface and the Navy’s undersea contribution to the U.S. nuclear triad is someday laid bare? Is it worth a strategic hedge such as diversifying employment of strategic weapons and high-yield tactical missiles onto surface combatants, carrier-launched aircraft, or in extremis even container vessels of the Merchant Marine? In sum, the sea services need a strategy that addresses holistically how to sustain American sea power if the oceans turn transparent.     

How can We Mobilize a Digital Maritime Nation?

Since the War of Independence, America’s leaders have recognized that they are responsible for a maritime nation. Yet how to convey that in policy has not always been self-evident. During the inter-war years of the 1930s, as now, the U.S. Government witnessed an escalation of competition among maritime rivals on a scale that had never been seen before, enabled by technology that was fundamentally changing the character of contests between them. National leaders at the time knew the United States had an edge in industrial production and innovation, but they did not know how to mobilize it for a global fight.

In response, the President and Congress passed the Merchant Marine Act of 1936, establishing a Maritime Commission. It was a federal body directed and authorized to chart the mobilization of an American maritime nation for the level of global competition and contest it saw on the horizon. By the 1940s, when those contests turned to war, the nation had at least thought through what was needed in the months and years ahead.      

America remains a maritime nation but is now a digitally interdependent maritime nation in a digital age. This is something new. Wall Street and the solvency of the Federal Reserve are nearly as reliant on foreign digital market transactions as they are on U.S. investments.  The nation’s most powerful and valuable firms are corporations with legal, digital, and human elements that span the world. And U.S. universities – the engine of digital and industrial ingenuity – are digitized global enterprises unto themselves.       

The significance for the sea services is dramatic. They need to think through how to secure America’s national innovation complex and defend its intellectual edge in a world of commoditized data and information. They merit collective contingencies to mobilize the industrial giants of the Fourth Industrial Revolution for sea power competition on behalf of America and our Allies. What will be the legal and financial terms under which the services of Amazon, Microsoft, Google, Apple, Space-X and others are commissioned should today’s contests turn to war? Is it time to reconsider standards and terms of selective service for the Digital Age? Do the sea services need new authorities to explore, resource, and test innovative concepts for burden sharing in the event of mobilization? In sum, there should be a strategy to articulate a national vision and lay the foundation for mobilizing a digitized America for the digitized contests on the horizon.

Time for Answers

These are the first of many questions the U.S. sea services should be asking, but the questions are just the start.  Collectively, the services need answers, and they need them fast in order to beat emergent maritime rivals to the future. Equally important, these answers must align across national maritime authorities – public and private, agencies and services, U.S. and Allied – to ensure they all get there together.

In short, they need a new U.S. maritime strategy for a digital age.

Frank Goertner is a Commander in the U.S. Navy. His most recent assignment was as a Strategic Planner for Future Fleet Design and Architecture in the Office of the Chief of Naval Operations, Future Strategy Branch. The views and opinions expressed are the author’s alone and do not represent the official position of the U.S. Navy, U.S. Department of Defense, or U.S. Government.

Featured Image: NATIONAL HARBOR, Md. (April 3, 2017) Vice Chief of Naval Operations (VCNO) Adm. William Moran, left, speaks at the 2017 Sea, Air and Space Exposition. Moran was joined by a panel including Assistant Commandant of the U.S. Marine Corps Gen. Glenn Walters, Vice Commandant of the U.S. Coast Guard Adm. Charles Michel, and Joel Szabat, executive director of Maritime Transportation, to discuss a “Sea Services Update” regarding today’s maritime environment. (U.S. Navy photo by Mass Communication Specialist 2nd Class Danian Douglas/Released)