Tag Archives: Innovation

Design Thinking for Military Advantage

In collaboration with U.S. Fleet Forces Command (USFFC) and Navy Cyber Defense Operations Command (NCDOC)

Introduction

The United States Navy has a proud tradition of mission accomplishment, regardless of the odds. From John Paul Jones taking the fight to the British shores aboard the Bonhomme Richard, to the hard-fought victories of the Pacific campaign, our naval service has been able to find the competitive advantage necessary to win. We have been fortunate that great people throughout our history have risen to the call when necessary. This long and storied list contains names such as Decatur, Preble, Farragut, Morton, Ellis, Puller, Hopper, and Halsey. The right person, with the right answer, at the right time— almost as if fate was on our side.

These larger-than-life figures make for compelling stories, but what if they were never born? What if these legends were not in the right place at the right time to save the day? What if the Navy fostered an environment wherein the creative problem solving, critical thought, and extreme ownership that called these legends to action were core competencies across the force? Imagine a force that spends less time prescribing exactly what to do and instead harnesses the power of the collective, a force where our competitive advantage is not simply people, but rather capable, empowered, and passionate teammates. We should develop teammates truly capable of leading us into the future because we are too comfortable reacting to the present.

To truly realize our potential, we must deliberately build upon our strong history and shape the ongoing cultural change across the force. We must make creative problem solving, critical thinking, and collective ownership core competencies, and go out of our way to enable teammates who reflect these traits. Our training pipeline and personnel system should reinforce those tenets. In the absence of that, or rather in parallel, we must focus on shaping culture at the unit level. This entails the creation of connective tissue across many efforts that seek the same outcomes to ensure scalability while creating new norms and delivering outcomes we have yet to imagine.

This article seeks to shine a light on the unnecessary level of risk aversion and bureaucracy in our organization, describe the fundamental principles behind design thinking and deckplate innovation, and share revealing examples of these principles in action at U.S. Fleet Forces Command (USFFC) and Navy Cyber Defense Operations Command (NCDOC). 

A Learning Navy

In the Design for Maintaining Maritime Superiority, the Chief of Naval Operations lays out numerous lines of effort as a vision and strategy for the Navy’s future. The green line of effort, which challenges the Navy to “apply the best concepts, techniques and technologies to accelerate learning as individuals, teams and organizations,” is being realized in an emerging grassroots movement which has taken the challenge to “set aspirational goals” and use a combination of critical thinking, lessons from history, and methods of human-centered design to encourage creativity and innovation to create advantage.

A sustainable competitive advantage is difficult to identify, and often results from an interwoven mass of tangible and intangible factors. Tangible resources are easy to identify and range from financial capital to physical assets like airplanes and ships. Intangible resources, while more difficult to quantify, may be the most valuable assets that an organization possesses. Human resources provide long-term exploitable skills, productive effort, and tacit knowledge that is difficult to replace and hard for competition to replicate. Personal and organizational experience builds tacit knowledge, and can be described as the collective know-how of a group. Organizations often struggle to quantify or pass on this knowledge through verbal or written communication.

In order to prevent stagnation, the Navy must become a learning organization. A learning organization continuously transforms itself by properly unleashing its people’s tacit knowledge. Throughout the rich history of the Navy, innovation and creativity have often ebbed and flowed. As Peter Senge points out in his book The Fifth Discipline, many successful learning organizations share a common vision, willingly challenge their own mental models, and encourage their people to seek personal mastery and engage in team learning. The results are the Googles, Facebooks, Ubers, and Warby Parkers of the world. This is not to say the Navy should model itself in the image of Facebook or Uber. Clearly the business model of fighting and winning our nation’s wars differs from that of social networking or crowdsourcing vehicular transportation. But just as many different corporations with different goals and models have embraced rapid learning to achieve maximum possible performance, so too can the Navy, and the first step in becoming a learning organization is admitting that you are not one.

Though many senior leaders may disagree, our Navy, as a whole, is not a true learning organization–at least not yet. Everyone needs to grow comfortable with a continuous departure from the status quo as the start of a new way of thinking. Through the combination of these ideas, an organization can leverage the knowledge and abilities across the spectrum of its constituents. The core competencies of creative problem solving, critical thinking, and collective ownership will help us break this mold. Our current system fails to assess, develop, or value these competencies. But unbeknownst to many, a deckplate revolution has commenced.

A Revolution in Thought and Action

This revolution continues to bring smart creatives from across the Navy together to create a movement. They focus on reimagining our culture as one founded on the aforementioned core competencies. This is where design thinking comes into play. Much contemporary writing focused on change references design thinking, but what is it exactly? Is it a perceived silver bullet from industry that the military is attempting to latch on to? A fleeting “buzzword” quickly forgotten? Hopefully not.

Design thinking is about embracing the combined knowledge within an organization for maximum possible performance. Creating solutions can be difficult, especially if you have not effectively defined the problem. Design thinking provides a process to focus efforts and achieve results. Though many techniques and tools differ, design thinking is rooted in four major elements: define the problem, divergent thinking, convergent thinking, and refine/execute.

NOSC San Jose Sailors engaged in a 45 minute divergent thinking exercise designed to capture ideas in order to address an opportunity statement provided by NOSC leadership. (Photo by LCDR Owen Morrissey)

Defining the problem is very easy to gloss over, but it can be the most important step. Are you solving the right problem or simply a symptom of a higher systemic impediment in your organization? Design thinking encourages approaching the problem from different perspectives to ensure you are still solving the correct or complete problem. Seek to ask why until you have worked past the easy answers and get to the truly hard question. Don’t just look for the simplest and most obvious solution, but seek as many different solutions as possible. Divergent thinking facilitates this concept, especially with many people working together. The goal is to diverge into as many ideas as possible, where the most opportunities appear when you are not constrained by finding the “best” solution. Think quantity over quality; many people can’t arrive at the right answer without fully embracing their comfort in the group or without pulling ideas from previous ‘bad’ examples.

After generating as many opportunities as possible, design thinking uses tools to group, merge, and then pare down the solutions until, through synthesis, converge on the best functional results. To higher leadership, this can be considered a catch-all in removing the ‘Good Idea Fairies’ from the group and allowing the best solution to bubble to the surface. This solution will be free of emotion and carries with it a vector towards positive change.

After arriving at a solution, seek refinement and development through basic prototyping. Design thinking provides tools to prototype solutions that seek to test the foundations of the idea rather than building a working physical product. This enables testing and further development with minimum resources. For higher levels of leadership, this may work towards an entire command or unit. When implemented from the ground-up – individuals, workcenters, divisions, and departments – this equates improvement across the spectrum.

After the solution has been refined, execute. Ideas without execution are meaningless. It takes action to bring an idea to fruition, and without that action, design thinking is truly just the latest “buzzword” spoken in an echo chamber.

Leadership’s Role

Upon the conclusion of the event, the collaboration and support of the participant’s leadership is necessary to promote the success of these young leaders by providing them with time, trust, and top cover. These core aspects drive the successful engagement of our young Sailors and Marines, and inspire every ounce of our commitment and progress. Without them, we don’t have the perspective to see beyond our silo of thought. The relationship between leadership’s time, trust, and top cover and rank and file empowerment defines the success or failure in the leader-led relationship. All of the time and trust in the world does nothing if you don’t have someone blocking for you along the way. Conversely, there is no top cover that someone can give you that would produce results without the adequate time and trust that goes along with it.

The illuminate Th!nkshop at Fleet Forces

Officers assigned to SEVENTH Fleet in Yokosuka participate in an executive course collaboration exercise focused on developing rapid prototypes in order to gain perspective of the Illuminate effort. (Photo by LCDR Owen Morrissey)

The illuminate initiative at Fleet Forces Command is one grassroots program bringing design thinking courses to Sailors and Marines. Turning the traditional paradigm of learning on its head, they encourage shrugging off bureaucracy, taking ownership, and focusing entirely on problem-solving and process improvement as opposed to passively receiving top-down innovation initiatives. Based in the concepts of design thinking, the Th!nkshops seek to identify solutions through a process of divergent and convergent thinking, coupled with the critical thought and positive mindset vital to the process itself. 

Like many other organizations in this grassroots movement, illuminate champions the fact that the foundations, objectives, materials, and format are designed and taught by a small team of active duty Sailors and Marines. Led by a passionate group of individuals, the course has already made a difference across the Navy. These efforts have primed the pump of an ad-hoc network of like-minded Sailors and Marines that seek to collaborate and achieve results. With the right resources and an expanded inventory of design thinking and organizational learning methods at their disposal, this network could move from an ad-hoc group of facilitators to a connected group of command sponsored representatives that will achieve maximum performance across the Navy.

Refining The Process

Getting the Th!nkshop pilot off the ground would not have occurred without an incubation phase. Illuminate needed people to iterate and a laboratory to experiment in order to refine the course. Enter Navy Cyber Defense Operations Command (NCDOC). The Echelon IV command participated in numerous iteration sessions  and helped develop the Th!nkshop curriculum.  Throughout this process, NCDOC personnel received personal and professional development training and provided candid feedback to the illuminate facilitators. The USFFC Th!nkshop facilitators refined the course based on the feedback. This cycle of iteration, development, and growth continued for several months. As a result, NCDOC adopted and launched its own chapter of illuminate utilizing their own in-house facilitators, while USFFC simultaneously began to spread illuminate across the naval enterprise. 

Since leaving NCDOC in December 2016, USFFC has impacted numerous commands. These include more than 40 commands at Seventh Fleet (C7F), Space and Naval Warfare Systems Command (SPAWAR), Southwest Regional Maintenance Center (SWRMC), and Naval Operations Support Center (NOSC) San Jose. They are scheduled to travel this summer to NOSC Dallas, East and West Coast Submarine Forces, SWRMC, and SPAWAR. They also conduct a series of Th!nkshops in Norfolk where they have trained Naval Expeditionary Combat Command (NECC), Fleet Readiness Center Mid-Atlantic (FRCMA), National Guard, Reserve Forces (RESFOR), and Naval Information Forces (NAVIFOR); summer plans include OPTEVFOR (Commander Operational Test & Evaluation Force), Transient Personnel Unit (TPU), Explosive Ordnance Disposal Mobile Unit (EODMU) 12, and Special Boat Team 20.

NCDOC’s support and assistance provided the fertile ground for the Th!nkshops to blossom from an amazing idea to a training mechanism directly impacting Sailors and Marines. Their partnership laid the foundations for illuminate to scale across the fleet.

The NCDOC Experience

The time, trust, and top cover of a trusted ally provided the fertile ground for the illuminate Th!nkshops to grow and develop. In its early phases, illuminate took root at Navy Cyber Defense Operations Command (NCDOC). But long before opening their makerspace for Th!nkshop incubation and refinement, NCDOC began a deliberate culture shaping journey. A journey as unique as their mission; one that continues to make them the Navy’s “Purple Cow,” to borrow a term from Seth Godin.

They don’t use a Command Assessment Team to assess climate, they have a Culture Club that shapes culture. They use a 360-degree hiring panel to select new civilian teammates, and conduct 360-degree feedback for all E-7 and above as well as supervisory civilians. They have shaped a culture that truly combines the power of the 21st century mindset with the best of our strong Navy tradition. The foundational experience among NCDOC Teammates is their tailored version of the illuminate Th!nkshop, which is integrated within their 100 Day Onboarding process. Over the last few months, the Th!nkshop alums have reinvented peer recognition, reimagined mentorship using the NFL draft as the model, developed a locator tool to navigate their building, crafted a New Teammate Handbook using Valve’s New Employee Handbook as inspiration, redesigned their next Command Climate Survey, and directly leveraged design thinking to reorient operational execution.

The most visible evidence of the significant culture shift at NCDOC is the aforementioned New Teammate Handbook. It not only serves as a vehicle to reinforce their ongoing commitment to culture-shaping initiatives, it also serves as an example of how the public sector must both lead and engage if they are to give Smart Creatives reason to join the team.

The formatting of the handbook is not what you would expect from a government organization and neither are the words contained within. Everything from the internally developed Waypoints that articulate shared behavior across the NCDOC team, to the “Allowed To” list that compels all teammates to be “Doers,” speaks to a team that truly values competence, collaboration, and character. And because words are hollow when not supported by action, one need only watch their Innovation Cross Functional Team coach “Idea
Champions” at all ranks through the process of making their ideas reality to see that the “Doer” philosophy runs deep across the team and produces results.”

NCDOC’s New Teammate Handbook (Click to read)

NCDOC serves as a visible example that it’s not about the Th!nkshop itself; it’s about the culture it fosters and the operational outcomes that a culture of creative problem solving, critical thinking, and collective ownership generates. The NCDOC team interacts differently than any other within the Navy. Their spaces are different from any other within the Navy, and their approach to just about everything is different from any other within the Navy. It’s not about being different for the sake of being different, but rather about caring enough to question everything, to allow expertise to trump rank, and to prioritize long-term significance over short term success. NCDOC is a prime example of how a sustained commitment to facilitating Th!nkshops impacts thinking, doing, and mission accomplishment at the unit level. A Th!nkshop experience may leave you inspired to do more, but without the visible commitment to the tenets it teaches by leaders at every level, you will quickly be reminded of the short shelf-life of inspiration.

The Future

The work at USFF and NCDOC is not Navy-mandated, but simply the result of some forward-thinking minds within the Navy and Marine Corps, the desire to make a difference, and the opportunity to do so. Th!nkshops have inspired many, but we measure impact by our ability to sustain and scale the transformation ignited to date. Th!nkshops alone won’t generate the outcomes we need; command triads committed to culture shaping and helping each teammate realize their potential will. We offer our Th!nkshops as a vehicle to kickstart local initiatives, and welcome the opportunity to partner with units across the Navy. These partnerships grow and strengthen our network of leaders committed to creating an environment that affords us the opportunity to evolve into a true learning organization. This environment not only ensures great ideas are prevalent, but as our Chief of Naval Operations has made clear, allows us to turn those ideas into something real.

Contact us below for more information on how you can be a part of the Th!nkshop movement.

LCDR Owen Morrissey and LT John Hawley are currently assigned to USFFC in support of the CNO’s Design for Maintaining Maritime Superiority. They can be contacted at owen.morrissey@navy.mil for executive engagement and john.w.hawley@navy.mil for more information and to schedule an illuminate thinkshop. For more information on the NCDOC state of mind, contact Dr. Rebecca Siders at rsiders@ncdoc.navy.mil

Featured Image: Sailors assigned to NOSC San Jose participate in a rapid ideation session during a reserve drill weekend. (Photo by LCDR Owen Morrissey) 

Innovative Leadership Development: Why and How

Leadership Development Topic Week

By Joe Schuman

Introduction

What makes a leader? According to the Navy Leadership Development Framework (NLDF), effective leaders demonstrate qualities such as humility, honor, courage, commitment, integrity, and accountability. While few would disagree that these character traits are necessary for Navy leaders to be successful, the rapidly changing security environment of the 21st century makes it such that these skills are not sufficient. If the Navy is serious about producing leaders who will be “ready for decisive operations and combat,” it must place a stronger emphasis on promoting innovation throughout its leadership development process as a whole.

The definition of “innovate,” according to the Oxford English Dictionary, is “to make changes in something established, especially by introducing new methods, ideas, or products.” Innovation, therefore, is essentially a problem solving technique, which can be applied to any number of problem areas – technical, policy, process, and more. Note that innovation is not limited to technological innovation and is distinct from invention – the creation of a new technology. In the context of leadership development, an innovative leader is someone who is forward-leaning, willing to challenge the status quo, and possesses the ability to create value in new ways for the organization to which they belong.

Innovation as a Necessary Warfighting Attribute

Interestingly, the NLDF clearly recognizes the need for innovative leadership. The opening sentence states, “our Navy’s operational and warfighting success requires that we be ready to prevail in an environment that is changing quickly and becoming more complex.” Changing and complex problems cannot be addressed in the same manner as stagnant and simple problems, as the NLDF acknowledges when it stresses the importance of leaders who will “learn and adapt.” Nonetheless, the NLDF falls short of identifying innovation as a critical leadership quality. While the NLDF briefly notes the need for “initiative” and “creativity” in Navy leadership, innovation is only mentioned once within the entire document. In the “Developing Character” section, the NLDF notes that leaders should participate in “innovation opportunities.” Strikingly, this passing reference is included under “self-guided study,” not within the professional education or on-the-job training sub-sections, and is completely excluded from the “Developing Competence” section, as if innovation is not relevant to the competence of a Navy leader.

The deafening silence of the NLDF in regards to innovation is at odds with the military’s own history of innovative leadership. After the Normandy invasion in 1944, for example, American troops found that hedgerows frequently channeled them into ambushes. After discovering that the hedgerows were too thick to cut or drive through, American soldiers designed and welded a mechanism onto the front of their tanks that could successfully cut through the bushes.1 Innovation has historically also taken place on a larger scale. During the interwar period between WWI and WWII, exercises and wargaming at the Naval War College were used to inform actual decisions at the fleet level, which in turn informed the next round of exercises at the War College in an iterative loop. This ideation and testing process was not used to justify current doctrine but, rather, to reveal unanswered questions and possible solutions.2

Innovative leadership has proven its worth in recent conflicts as well. When National Security Advisor, Lt. Gen. H. R. McMaster, took command of the 3rd Armored Cavalry Regiment, he immediately changed a number of policies in order to better align his regiment’s operation with his own view (which was less accepted at the time) that “the key to counterinsurgency is focusing on the people.” McMaster took concrete steps to this end, banning the use of the term “haji,” mandating cultural understanding education for his troops, and setting up a system to poll detainees on how well they were being treated. As a result of these changes, trust began to develop between U.S. troops and locals which, in turn, resulted in thousands of Iraqis signing up to join the local police forces while preventative tips about insurgent activity surged. In the final analysis, because of McMaster’s innovations, U.S. military experts concluded that the 3rd ACR had conducting the best counterinsurgency among similar units operating in Iraq in 2005.3 

Innovation also takes place on a smaller scale. For example, Chief Sonar Technician Benjamin Lebron, of the USS Fitzgerald, changed the way his division analyzes sonar data. Recognizing that he was spending a majority of his time constructing plots during Target Motion Analysis (TMA), Lebron created a TMA tactical decision aid, first in Excel, and then in HTML and javascript,4 that can spot sonar returns that look like submarine movements in real time. Now, Lebron’s code automates the redundant portions of his work, allowing him to focus on analyzing the relevant information instead of spending time drawing it, and, since it is web based, is easily scalable across the fleet.5

Although the aforementioned cases are promising, they are unfortunately the exception and not the rule. And while innovative military leadership has always been important, the increasingly rapid pace of technological innovation and ever-evolving face of conflict place a higher premium on innovative leadership than ever before. Joseph Thomas, Distinguished Military Professor of Leadership at the U.S. Naval Academy, notes that  the current military environment, “calls for skill sets more consistent with the leadership of Lewis and Clark than Patton,” yet, “the military education and training structure that produced Patton remains virtually unchanged.” Thomas continues: “If the current and future battlefield can be characterized by an uncertain, non-uniform enemy, vague and rapidly changing missions, cultural sensitivity of warfighters, and a chaotic environment, then leadership development models crafted when there was a certain and predictable enemy, set leadership roles, and a proscribed methods of fighting must be changed.”6

Innovation Competencies

How, then, should the Navy promote the development of innovative leaders within its ranks? The key to answering this question is to understand the factors that influence the innovative competency of organizations as a whole and, by inference, determine the skills and qualities that leaders of these organizations need to posses. Building off the “Entrepreneurial Competency” framework proposed by Bharat Rao and Bala Mulloth in their paper “The Role of Universities in Encouraging Growth of Technology-Based New Ventures,” four competencies of innovative organizations emerge: (i) Opportunity Development, (ii) Championing, (iii) Resource Leveraging, and (iv) Location Leveraging.7 These qualities are essential for creating innovative organizations, and, as such, innovative leadership development programs must create leaders who can contribute to their organizations in these capacities. In the subsequent paragraphs, the MD5 National Security Technology Accelerator, a public-private partnership between the Department of Defense (DoD) and a network of national research universities that seeks to reinvigorate civil-military technology collaboration, will be used as a case study to illustrate examples of leadership development programs within Rao and Mulloth’s entrepreneurial competency framework.

The Opportunity Development Competency is defined as “the need to develop a viable business opportunity” in the context of university entrepreneurialism. It is related to “the knowledge and experience of the individual researcher,” which yields an “opportunity recognition capacity” in such individuals.In the context of the Navy, the Opportunity Development Competency requires individuals to (a) posses the methodological tools to frame problems, develop concepts, and make actionable recommendations and then (b) be exposed to new problems to which they can apply these skills. As such, in order to improve the innovative capacity of the Navy, Navy leadership development must (a) promote these skills and (b) create opportunities for the utilization of these skills.

One MD5 program, MD5 Bootcamp, serves as an example of the type of program that the Navy might want to consider implementing more broadly in order to foster the Opportunity Development Competency in its leaders. MD5 Bootcamp is a weeklong intensive education program that was first piloted in November 2016 with United States Pacific Fleet (PACFLT). It provides Navy leaders with the tools for problem framing and solving through a variety of lessons on topics such as design thinking and Lean Startup Methodology, and then encourages the application of these skills through exercises such as co-creation sessions. Future Navy programming should build off the success of MD5 Bootcamp in their professional education schools and formal on-the-job training.

The Championing Competency, in the context of university entrepreneurship, is defined as “the need for championing individuals who provide meaning and energy to the entrepreneurial process.”9 Champions are critical for promoting new ventures to relevant stakeholders, particularly at the early stages of venture development. Given the hierarchical structure of the military, the Championing Competency is even more important. Since innovation works best from the bottom-up, in contrast to the top-down structure of the military, the Navy must develop leaders at all levels who are willing to champion innovative ideas and push the limits of military hierarchy.

MD5 has made efforts to promote the Championing Competency within senior officers through classes like the Adaptive & Agile Leadership Network (AALN) at the National Defense University, which is an elective course that introduces agile-leadership approaches to innovation to mid-career military members. Other organizations, such as The Athena Project, which aims to harness grassroots innovations within the Navy through pitch events and mentoring, focus on creating innovators at the enlisted and junior officer levels. In combination, programs like AALN and The Athena Project create both innovation champions at the senior levels who subsequently promote innovation opportunities within their ranks, and innovators at the lower levels who champion their own ideas.

The Resource Leveraging Competency is defined as “the need to access the resources necessary to develop the new venture.” Rao and Mulloth note that the likelihood of launching university spin-offs increases as researchers have more access to facilities, financial resources, knowledge resources (e.g., intellectual property), and social capital resources.10 This competency is fairly analogous in the context of the Navy. Military leadership must, after recognizing an innovative opportunity, provide resources and access to promising ideas and personnel. Such resource leveraging may be within the purview of a given Sailor or their chain of command, or it may require the aforementioned championing competency to secure resources from higher levels of leadership.

Jay Harrison, André Gudger, Katepalli Sreenivasan and Capt. Chris Wood (l-r) take questions from the audience to kick off the MD5 hackathon. (Courtesy photo)

MD5 has several efforts that encourage resource leveraging. MD5.net, for example, is a web-based platform that allows for the crowdsourcing, vetting, synthesis, and promulgation of problems, solutions, IP, and other innovation-enabling resources. Once fully operational, MD5.net will allow for resource leveraging between internal Navy and DoD innovators as well as civilian entrepreneurs. Other MD5 programs, such as the Proof of Concept Center and the University of Southern Mississippi, which provides digital design and manufacturing resources in support of distributed prototyping, and projected programs, such as MD5 Lab, which will provide innovators with prototyping and experimentation resources, aim to support this resource leveraging competency as well. The Navy must not only utilize existing tools and create similar programs for themselves, but also instruct leaders on how best to leverage both internal and external resources for the innovators within their ranks.

Lastly, the fourth and final competency, the Location Leveraging Competency, is defined as “the need to locate the new venture in the right ecosystem and support infrastructure.”11 In the context of Navy innovation and leadership development, the principal lesson from this competency is that the best ideas today don’t always live inside DoD and as such Navy leaders must be willing to work with non-traditional partners, especially the private sector.

MD5 Hack, a portfolio of hackathon events that brings together practitioners, technologists, and military members over a weekend to build prototypes, is built upon this principle. It is no coincidence that MD5 Hack has taken place in New York City and Austin, TX, and is going to be run in Boston, MA, as these cities harbor some of the best tech talent in the U.S., who bring their expertise to MD5 Hackathons to solve real DoD problems. Efforts such as DIUx, which has outposts in San Francisco, Austin, and Boston, also recognize the importance of the Location Leveraging Competency to solving DoD problems. Navy leadership must be willing to work with new partners through non-traditional approaches; Navy leadership development, therefore, must teach leaders to be willing to attempt new problem solving methods, particularly those that leverage the private sector.

Conclusion

Charles Darwin noted, “It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.” Yet, innovation is not considered a relevant leadership quality in the NLDF despite the clear need for innovative leaders in today’s conflicts. The Navy should be cautious not to bureaucratize innovation from the top-down and can do so by following Rao and Mulloth’s framework. And while current MD5 efforts represent positive progress towards the creation of the next generation of innovative leaders, these efforts will not be sufficient on their own. The Navy, and the DoD as a whole, must incorporate innovative leadership development into its standard leadership development programming. Such efforts can tie in with other promising programs and initiatives, such as the Chief of Naval Operation’s High Velocity Learning initiative.12 If done correctly, the Navy will empower the next generation of leaders to solve problems on their own, improving military effectiveness and success. If not, to adapt Roger Misso’s message, without innovative leadership, Alas Our Navy! 

Joe Schuman is currently a Research Assistant at the MD5 National Security Technology Accelerator. Prior to MD5, Joe is a graduate from the Massachusetts Institute of Technology (MIT) where he studied Mechanical Engineering and Political Science. Joe also attended St. Peter’s College at the University of Oxford as a visiting student, where he studied Engineering Science as well as Philosophy, Politics, and Economics (PPE). Readers wishing to learn more about the MD5 National Security Technology Accelerator should contact Joe Schuman at joseph.schuman@gc.ndu.edu. 

The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government. 

References

1. Tim Kane, “Why Our Best Officers Are Leaving,” The Atlantic, February 2011. Retrieved from https://www.theatlantic.com/magazine/archive/2011/01/why-our-best-officers-are-leaving/308346/.

2. Williamson Murray, “Innovation: Past and Future,” Joint Force Quarterly, Summer 1996.

3. Thomas E. Ricks, Fiasco: The American Military Adventure in Iraq (New York: Penguin Books, 2006).

4. “The A. Bryan Lasswell Award for Fleet Support,” National Defense Industrial Association. Retrieved from http://www.ndia-sd.org/wp-content/uploads/2017/01/LasswellAwards2015Program.pdf

5. Meghann Myers, “Top sailor innovations win big prizes,” Navy Times, March 2016. Retrieved from https://www.navytimes.com/story/military/2016/03/13/award-winning-ideas-navys-top-innovators/81443614/

6. Joseph J. Thomas, “Leader Development in the US Department of Defense: A Brief Historical Review and Assessment for the Future,” The ADM James B. Stockdale Center for Ethical Leadership – United States Naval Academy. Retrieved from https://www.usna.edu/Ethics/_files/documents/Leader%20Development%20History%20Thomas.pdf

7. Bharat Rao and Bala Mulloth, “The Role of Universities in Encouraging Growth of Technology-Based New Ventures,” International Journal of Innovation and Technology Management 14(4), January 2017.

8. Ibid.

9. Ibid.

10. Ibid.

11. Ibid.

12. John M. Richardson, “A Design for Maintaining Maritime Superiority,” January 2016. Retrieved from http://www.navy.mil/cno/docs/cno_stg.pdf

Featured Image: U.S. Navy lieutenant speaks before sailors. (U.S. Navy photo)

Embracing Creativity: A Leadership Challenge

Leadership Development Topic Week

By David Andre

“It’s not uncommon for discussions of competence and character to put the matters of creativity and compliance in tension…”Admiral John Richardson, Chief of Naval Operations

In January 2017, Chief of Naval Operations Admiral John Richardson, released the Navy Leader Development Frameworkoutlining how the United States Navy will develop future leaders capable of meeting the challenges of a rapidly changing and complex world. The framework recognizes three values that are integral to developing leadership — compliance, creativity, and character. Of the three values, creativity represents the biggest challenge to naval leadership. It is challenging because it defies easy characterization and represents a divergence from the traditional values associated with developing Naval leadership. While there is an institutional framework and culture that develops, values, and supports compliance and character from seaman to admiral, the same cannot be said of creativity. Certainly creativity has always existed within the Navy, but until recently, it was not recognized as an integral value of leadership. Placing it on the same level as compliance and character requires change. And balancing the tension that exists between these values is one of the biggest challenges facing the Navy.

Creativity is More than just Being Different

In order to effectively harness creativity leaders must clearly understand what creativity is and how it differs from more traditional naval leadership values. Naval leaders are accustomed to dealing with issues of compliance and character. These values are well-defined within the Navy’s core values and evaluation process and feature prominently throughout a sailor’s career, regardless of rating or community. Naval culture views compliance and character dichotomously — one has either complied or not; one either has good character or not. In both instances, success and failure are easily identifiable. Leaders and followers feel comfortable using these metrics as ranking tools.

Creativity — using imagination or original ideas to create something — defies such simple characterization. Creativity is different; it is subjective and exists on a spectrum not seen with compliance and character. Creativity courts risk, is not easily manageable, and often results in failure. It follows that creativity will likely be costly in terms of resources and egos — there’s rarely an immediate payoff in any tangible terms. However costly, creativity and the innovation it sparks holds the key to developing future leaders that are adaptable. The creative mind holds multiple perspectives simultaneously. As such, creative decision-making produces more options, thereby increasing the likelihood of success. This idea is the bedrock for the SECNAV’s Naval Innovation Network, which seeks to bring together disparate ideas from across the ranks in the hopes of fostering creativity.

Establish a Direct Relationship with Creativity

While acknowledging the importance of creativity is important, leaders need to take concrete actions that encourage and make effective use of that creativity. The difficulty for today’s leaders is how to cultivate that creative environment for leaders and followers within an organization that traditionally measures success and failure objectively. Doing so requires adjustments to the way in which the organization reacts to failure and the way compliance and character are typically measured. These changes need to occur vertically as well as horizontally because, like character and compliance, when properly cultivated creativity is infectious. 

Making creativity an effective part of the Navy’s leadership model presents some practical challenges. These challenges range from the bureaucratic to the operational and vary from community to community. While forward-leaning leaders speak of thinking outside the box, enlarging the box, or thinking like there is no box, the words can be difficult to translate into action. That is primarily because these well-intentioned challenges to become creative thinkers rarely address the practical limitations that box sailors in every day. From evaluation cycles and ranking boards to tour lengths and qualifications, the personnel organization of the Navy was not designed with creativity in mind. The bureaucracy, when coupled with operational tempos, stifles creativity; sailors simply don’t have the time or luxury to be creative. However, creativity must have time and room to flourish.

Creating this time and space within the disciplined constraints of the Navy is the primary issue facing today’s deckplate leaders. To meet this challenge, these leaders need to move beyond encouraging creativity and provide defined pathways through the bureaucracy and operational tempo. To create these pathways, it is essential that leaders first acknowledge the limitations and potential of creativity. Acknowledging limitations and potential allows leaders to adopt the CNOs line of effort toward High Velocity Learning, whereby leaders strive to accelerate learning through the adoption of the “best concepts, techniques, and technologies.” In doing so, leaders can set aspirational goals while ensuring that creativity yields results and is not wasted time.  

Foremost, leaders need to identify where and when to tolerate creativity within their particular missions. A sailor performing a Planned Maintenance System (PMS) check is not an acceptable time for encouraging creativity. Yet, a junior officer conducting Theater Security Cooperation (TSC) activities or an Information Systems Technician identifying systems installations onboard a new platform could flourish in a creative environment. Making these differences clear to subordinates will set the stage for creativity to become an effective tool. Meanwhile, adapting processes outlined in the model of high velocity learning that embolden innovation and creativity will leave sailors feeling confident in exercising their creativity, while leaders will feel confident encouraging creativity.

EAST CHINA SEA (Aug. 11, 2016) – Ens. Benjamin Paddock, from Gainesville, Fla., gives a tour of the amphibious transport dock ship USS Green Bay’s (LPD 20) vehicle storage area to Republic of Korea (ROK) midshipmen. (U.S. Navy photo by Mass Communication Specialist 1st Class Chris Williamson/Released)

Along with creating an environment conducive for creativity, leaders need to establish a balance between creativity and compliance. In many practical ways, creativity opposes the Navy’s concept of compliance. By its nature, creativity eschews following the standard rules as it searches for new and innovative ways to achieve something. Resolving the tension that exists between these values will involve sustained involvement from leadership. The CNO’s guidance makes specific mention of the tension created when the notions of competence and character meet the principles of creativity and compliance. Within this tension lies the potential for failure. There’s an immediate danger in too much creativity and not enough compliance, but there’s a long-term danger in too much compliance and not enough creativity.

Moving Past the Fear of Failure

Perhaps the greatest impediment to embracing creativity is the potential for failure. Fear of failure does more to stifle creativity than any bureaucracy or operational tempo ever can. The fear manifests itself in two distinct ways: individual and institutional. There is the individual fear that people have of failure and the repercussions of failure. And then there is the institutional fear that comes from the reticence that peers and leaders have of acknowledging failure in others. While each begets the other, it is important not to conflate the two because they come from different places and, thus, need different solutions. Institutional failure is abstract, while individual failure is personal. Studies show that followers who fear failure focus on that fear rather than the task, while leaders who fear failures tend to ignore the failures. In both instances, people lose the ability to learn lessons.

Therefore, mandating reforms to foster an institutional environment that embraces failure is only one part of the equation. The individual must also be convinced of the need to accept and learn from failure, which involves a more nuanced approach. To change the attitude sailors have toward failing the Navy must introduce the concept of failureship. Like the name implies, failureship is the ability to fail; and like leadership, it is a learned concept. Considering the relationship that people have with failure, learning to fail constructively is an important lesson for new sailors. Unfortunately, it’s a lesson that the Navy spends little time teaching.

Navy culture encourages success at every stage, and rightly so, because lives often depend on that success. The Navy cites historical examples of battles won and lost, each replete with astounding examples of sailors overcoming staggering odds and arduous circumstances to rise to the occasion. The CNO’s Professional Reading Program is replete with these stories of heroism. Often overlooked within these stories are examples of creativity—sailors taking chances when there’s nothing else to lose. While these tales illustrate that creativity can lead to success, there’s a deeper, less obvious lesson. That is, too often creativity is treated as a last-ditch effort, that failure is an acceptable outcome when there’s nothing else to lose. It is time to recognize that, in the proper context, creativity and failure will promote success. Creativity does not need to be reactive; it has a preventative dimension. It’s time to move failure to the forefront.

To promote this thinking, the discussion needs to move beyond mere acceptance of failure. It needs to move into a realm where leaders encourage failure and followers embrace the lessons of failure. Instead of getting over failure we need to rally around failure. As the aphorism goes: someone who’s never failed has never tried. Discussions of failure need to move from the posters and books and into wardrooms, messes, and galleys. This involves a paradigm shift in how the Navy treats failure. Unlike success, where we champion and personalize the effects, we take a distanced approach to failure. Failure, when accepted, is something that happens to others. Aside from these cultural biases, failure has psychological limitations—people have a tough time dealing with failure. For some, anonymity may encourage creativity, for others, the motivation to be creative may come from the promise of rewards. Despite these differences, the underlying premise remains the same—leaders must look for ways to foster creativity within themselves and their subordinates.

Conclusion

For good reason, the Navy has long promoted successful execution over thoughtful rumination. However, global forces are at work today that require a paradigm shift in the way the Navy develops future leaders. To remain on the cutting edge, keep the brightest talent, and sustain the element of surprise, the Navy needs to cultivate a culture that believes in the value of failure, adopts an organizational behavior that encourages creative minds, and balances the application of creativity with its practical limitations. After all, creativity embodies the Navy’s core values: it takes honor to try, courage to fail, and commitment to overcome failure.

While incorporating creativity into leadership development presents challenges, the good news is that the Navy already possesses many strengths and initiatives to leverage the creative spirit. From traditional concepts like intrusive leadership to new proposals like career sabbaticals and the Tours with Industry program, the Navy is well poised to begin developing creative leaders. The diversity of the Navy’s workforce is another key component that will bolster creativity through exchanging ideas and experiences. As the Navy strives to innovate and overcome, developing and sustaining creative thinkers will determine the future course.

LT David M. Andre is a former Intelligence Specialist, has served as an Intelligence Officer and Liaison Officer assigned to AFRICOM and is a graduate of the Naval Postgraduate School. He is currently serving as N2 for COMDESRON Seven in Singapore. He can be reached at DMA.USN@gmail.com. The views expressed above are his own and do not reflect the official views and are not endorsed by the United States Navy, the Department of the Navy, the Department of Defense, or any other body of the United States Government.

Featured Image: February 7, 2017. A warfare tactics instructor speaks before sailors. (U.S. Navy photo)

A Cyber Vulnerability Assessment of the U.S. Navy in the 21st Century

By Travis Howard and José de Arimatéia da Cruz

Introduction

The United States Navy is a vast, worldwide organization with unique missions and challenges, with information security (and information warfare at large) a key priority within the Chief of Naval Operations’ strategic design. With over 320,000 active duty personnel, 274 ships with over 20 percent of them deployed across the world at any one time, the Navy’s ability to securely communicate across the globe to its forces is crucial to its mission. In this age of rapid technological growth and the ever expanding internet of things, information security is a primary consideration in the minds of senior leadership of every global organization. The Navy is no different, and success or failure impacts far more than a stock price.

Indeed, an entire sub-community of professional officers and enlisted personnel are dedicated to this domain of information warfare. The great warrior-philosopher Sun Tzu said “one who knows the enemy and knows himself will not be endangered in a hundred engagements.” The Navy must understand the enemy, but also understand its own limitations and vulnerabilities, and develop suitable strategies to combat them. Thankfully, strategy and policy are core competencies of military leadership, and although information warfare may be replete with new technology, it conceptually remains warfare and thus can be understood, adapted, and exploited by the military mind.

This paper presents a high-level, unclassified overview of threats and vulnerabilities surrounding the U.S. Navy’s network systems and operations in cyberspace. Several threats are identified to include nation states, non-state actors, and insider threats. Additionally, vulnerabilities are presented such as outdated network infrastructure, unique networking challenges present aboard ships at sea, and inadequate operating practices. Technical security measures that the Navy uses to thwart these threats and mitigate these vulnerabilities are also presented. Current U.S. Navy information security policies are analyzed, and a potential security strategy is presented that better protects the fleet from the before-mentioned cyber threats, mitigates vulnerabilities, and aligns with current federal government mandates.

Navy Network Threats and Vulnerabilities

There are several cyber threats that the Navy continues to face when conducting information operations in cyberspace. Attacks against DoD networks are relentless, with 30 million known malicious intrusions occurring on DoD networks over a ten-month period in 2015. Of principal importance to the U.S. intelligence apparatus are nation states that conduct espionage against U.S. interests. In cyberspace, the Navy contests with rival nations such as Russia, China, Iran, and North Korea, and all are developing their own information warfare capabilities and information dominance strategies. These nations, still in various stages of competency in the information warfare domain, continue to show interest in exploiting the Navy’s networks to conduct espionage operations, either by stealing information and technical data on fleet operations or preventing the Navy from taking advantage of information capabilities.

Non-state actors also threaten naval networks. Organized activist groups known collectively as “hacktivists,” with no centralized command and control structure and dubious, fickle motivations, present a threat to naval cyberspace operations if their goals are properly aligned. In 2012, Navy officials discovered hacktivists from the group “Team Digi7al” had infiltrated the Navy’s Smart Web Move website, extracting personal data from almost 220,000 service members, and has been accused of more than two dozen additional attacks on government systems from 2012 to 2013. The hactivist group boasted of their exploits over social media, citing political reasons but also indicated they did it for recreation as well. Individual hackers, criminal organizations, and terrorist groups are also non-state threat actors, seeking to probe naval networks for vulnerabilities that can be exploited to their own ends. All of these threats, state or non-state actors, follow what the Department of Defense (DoD) calls the “cyber kill chain,” depicted in figure 1. Once objectives are defined, the attacker follows the general framework from discovery to probing, penetrating then escalating user privileges, expanding their attack, persisting through defenses, finally executing their exploit to achieve their objective.

Figure 1. Navy depiction of the “cyber kill chain

One of the Navy’s most closely-watched threat sources is the insider threat. Liang and Biros, researchers at Oklahoma State University, define this threat as “an insider’s action that puts an organization or its resources at risk.” This is a broad definition but adequately captures the scope, as an insider could be either malicious (unlikely but possible, with recent examples) or unintentional (more likely and often overlooked).

The previously-mentioned Team Digi7al hactivist group’s leader was discovered to be a U.S. Navy enlisted Sailor, Petty Officer Nicholas Knight, a system administrator within the reactor department aboard USS HARRY S TRUMAN (CVN 75). Knight used his inside knowledge of Navy and government systems to his group’s benefit, and was apprehended in 2013 by the Navy Criminal Investigative Service and later sentenced to 24 months in prison and a dishonorable discharge from Naval service.

Presidential Executive Order 13587, signed in 2011 to improve federal classified network security, further defines an insider threat as “a person with authorized access who uses that access to harm national security.”  Malevolence aside, the insider threat is particularly perilous because these actors, by virtue of their position within the organization, have already bypassed many of the technical controls and cyber defenses that are designed to defeat external threats. These insiders can cause irreparable harm to national security and the Navy’s interests in cyberspace. This has been demonstrated by the Walker-Whitworth espionage case in the 1980s, Private Manning in the latter 2000s, or the very recent Edward Snowden/NSA disclosure incidents.

The Navy’s vulnerabilities, both inherent to its nature and as a result of its technological advances, are likewise troubling. In his 2016 strategic design, Chief of Naval Operations Admiral John M. Richardson stated that “the forces at play in the maritime system, the force of the information system, and the force of technology entering the environment – and the interplay between them have profound implications for the United States Navy.” Without going into classified details or technical errata, the Navy’s efforts to secure its networks are continuously hampered by a number of factors which allow these threats a broad attack surface from which to choose.

As the previous Chief of Naval Operations (CNO), Admiral Jon Greenert describes in 2012, Navy platforms depend on networked systems for command and control: “Practically all major systems on ships, aircraft, submarines, and unmanned vehicles are ‘networked’ to some degree.” The continual reliance on position, navigation, and timing (PNT) systems, such as the spoofing and jamming-vulnerable Global Positioning System (GPS) satellite constellation for navigation and precision weapons, is likewise a technical vulnerability. An internet search on this subject reveals multiple scholarly and journalist works on these vulnerabilities, and more than a few describe how to exploit them for very little financial investment, making them potentially cheap attack vectors.

Even the Navy’s vast size and scope of its networks present a vulnerability to its interests in cyberspace. As of 2006, the Navy and Marine Corps Intranet (NMCI), a Government Owned-Contractor Operated (GOCO) network that connects Navy and Marine Corps CONUS shore commands under a centralized architecture, is “the world’s largest, most secure private network serving more than 500,000 sailors and marines globally.” That number has likely grown in the 10 years since that statistic was published, and even though the name has been changed to the Navy’s Next Generation Network (NGEN), it is still the same large beast it was before, and remains one of the single largest network architectures operating worldwide. Such a network provides an enticing target.

Technical Security Measures and Controls

The Navy employs the full litany of technical cybersecurity controls across the naval network enterprise, afloat and ashore. Technical controls include host level protection through the use of McAfee’s Host Based Security System (HBSS), designed specifically for the Navy to provide technical controls at the host (workstation and server) level. Network controls include network firewalls, intrusion detection and prevention systems (IDS/IPS), security information and event management, continuous monitoring, boundary protection, and defense-in-depth functional implementation architecture. Anti-virus protection is enabled on all host systems through McAfee Anti-Virus, built into HBSS, and Symantec Anti-Virus for servers. Additionally, the Navy employs a robust vulnerability scanning and remediation program, requiring all Navy units to conduct a “scan-patch-scan” rhythm on a monthly basis, although many units conduct these scans weekly.

The Navy’s engineering organization for developing and implementing cybersecurity technical controls to combat the cyber kill chain in figure 1 is the Space and Naval Warfare Systems Command (SPAWAR), currently led by Rear Admiral David Lewis, and earlier this year SPAWAR released eight technical standards that define how the Navy will implement technical solutions such as firewalls, demilitarized zones (DMZs), and vulnerability scanners. RADM Lewis noted that 38 standards will eventually be developed by 2018, containing almost 1,000 different technical controls that must be implemented across the enterprise.

Of significance in this new technical control scheme is that no single control has priority over the others. All defensive measures work in tandem to defeat the adversary’s cyber kill chain, preventing them from moving “to the right” without the Navy’s ability to detect, localize, contain, and counter-attack. RADM Lewis notes that “the key is defining interfaces between systems and collections of systems called enclaves,” while also using “open architecture” systems moving forward to ensure all components speak the same language and can communicate throughout the enterprise.

The importance of open systems architecture (OSA) as a way to build a defendable network the size of the Navy’s cannot be understated. The DoD and the Navy, in particular, have mandated use of open systems specifications since 1994; systems that “employ modular design, use widely supported and consensus-based standards for their key interfaces, and have been subjected to successful validation and verification tests to ensure the openness of their key interfaces.” By using OSA as a means to build networked systems, the Navy can layer defensive capabilities on top of them and integrate existing cybersecurity controls more seamlessly. Proprietary systems, by comparison, lack such flexibility thereby making integration into existing architecture more difficult.

Technical controls for combating the insider threat become more difficult, often revolving around identity management software and access control measures. Liang and Biros note two organizational factors to influencing insider threats: security policy and organizational culture. Employment of the policy must be clearly and easily understood by the workforce, and the policy must be enforced (more importantly, the workforce must fully understand through example that the policies are enforced). Organizational culture centers around the acceptance of the policy throughout the workforce, management’s support of the policy, and security awareness by all personnel. Liang and Biros also note that access control and monitoring are two must-have technical security controls, and as previously discussed, the Navy clearly has both yet the insider threat remains a primary concern. Clearly, more must be done at the organizational level to combat this threat, rather than just technical implementation of access controls and activity monitoring systems.

Information Security Policy Needed to Address Threats and Vulnerabilities

The U.S. Navy has had an information security policy in place for many years, and the latest revision is outlined in Secretary of the Navy Instruction (SECNAVINST) 5510.36, signed June 2006. This instruction is severely out of date and does not keep pace with current technology or best practices; Apple released the first iPhone in 2007, kicking off the smart phone phenomenon that would reach the hands of 68% of all U.S. adults as of 2015, with 45% also owning tablets. Moreover, the policy has a number of inconsistencies and fallacies that can be avoided, such as a requirement that each individual Navy unit establish its own information security policy, which creates unnecessary administrative burden on commands that may not have the time nor expertise to do so. Additionally, the policy includes a number of outdated security controls under older programs such as the DoD Information Assurance Certification and Accreditation Process (DIACAP), which has since transitioned to the National Institute for Standards and Technology (NIST) Risk Management Framework (RMF).

Beginning in 2012, the DoD began transitioning away from DIACAP towards the NIST RMF, making full use of NIST Special Publications (SPs) for policy development and implementation of security controls. The NIST RMF as it applies to DoD, and thus the Navy, is illustrated in figure 2. The process involves using NIST standards (identified in various SPs) to first categorize systems, select appropriate security controls, implement the controls, assess their effectiveness, authorize systems to operate, then monitor their use for process improvement.

Figure 2. NIST Risk Management Framework

This policy is appropriate for military systems, and the Navy in particular, as it allows for a number of advantages for policymakers, warfighters, system owners, and developers alike. It standardizes cybersecurity language and controls across the federal government for DoD and Navy policymakers, and increases rapid implementation of security solutions to accommodate the fluidity of warfighting needs. Additionally, it drives more consistent standards and optimized workflow for risk management which benefits system developers and those responsible for implementation, such as SPAWAR.

Efforts are already underway to implement these policy measures in the Navy, spearheaded by SPAWAR as the Navy’s information technology engineering authority. The Navy also launched a new policy initiative to ensure its afloat units are being fitted with appropriate security controls, known as “CYBERSAFE.” This program will ensure the implementation of NIST security controls will be safe for use aboard ships, and will overall “focus on ship safety, ship combat systems, networked combat and logistics systems” similar to the Navy’s acclaimed SUBSAFE program for submarine systems but with some notable IT-specific differences. CYBERSAFE will categorize systems into three levels of protection, each requiring a different level of cybersecurity controls commensurate with how critical the system is to the Navy’s combat or maritime safety systems, with Grade A (mission critical) requiring the most tightly-controlled component acquisition plan and continuous evaluation throughout the systems’ service life.

Implementation of the NIST RMF and associated security policies is the right choice for the Navy, but it must accelerate its implementation to combat the ever-evolving threat. While the process is already well underway, at great cost and effort to system commands like SPAWAR, these controls cannot be delayed. Implementing the RMF across the Navy enterprise will reduce risk, increase security controls, and put its implementation in the right technical hands rather than a haphazard implementation of an outdated security policy that has, thus far, proven inadequate to meet the threats and reduce vulnerabilities inherent with operating such a large networked enterprise. With the adoption of these new NIST policies also comes a new strategy for combating foes in cyberspace, and the Navy has answered that in a few key strategy publications outlined in the next section.

Potential Security Strategy for Combating Threats and Minimizing Vulnerabilities

It is important to note that the Navy, like the other armed services of the DoD, was “originally founded to project U.S. interests into non-governed common spaces, and both have established organizations to deal with cybersecurity.” The Navy’s cyber policy and strategy arm is U.S. Fleet Cyber Command (FLTCYBERCOM, or FCC), co-located with the DoD’s unified cyber commander, U.S. Cyber Command (USCYBERCOM, or USCC). Additionally, its operational cyber arm, responsible for offensive and defensive operations in cyberspace, is U.S. 10th Fleet (C10F), which is also co-located with U.S. Fleet Cyber and shares the same commander, currently Vice Admiral Michael Gilday.

Prior to VADM Gilday’s assumption of command as FCC/C10F, a strategy document was published by the Chief of Naval Operations in 2013 known as Navy Cyber Power 2020, which outlines the Navy’s new strategy for cyberspace operations and combating the threats and vulnerabilities it faces in the information age. The strategic overview is illustrated in figure 3, and attempts to align Navy systems and cybersecurity efforts with four main focus areas: integrated operations, optimized cyber workforce, technology innovation, and acquisition reform. In short, the Navy intends to integrate its offensive and defensive operations with other agencies and federal departments to create a unity of effort (evident by its location at Ft. Meade, MD, along with the National Security Agency and USCC), better recruit and train its cyber workforce, rapidly provide new technological solutions to the fleet, and reform the acquisition process to be more streamlined for information technology and allow faster development of security systems.

Figure 3. Threats and Motivations, Strategic Focus of Navy Cybersecurity 

Alexander Vacca, in his recent published research into military culture as it applies to cybersecurity, noted that the Navy is heavily influenced by sea combat strategies theorized by Alfred Thayer Mahan, one of the great naval strategists of the 19th century. Indeed, the Navy continually turns to Mahan throughout an officer’s career from the junior midshipman at the Naval Academy to the senior officer at the Naval War College. Vacca noted that the Navy prefers Mahan’s “decisive battle” strategic approach, preferring to project power and dominance rather than pursue a passive, defensive strategy. This potentially indicates the Navy’s preference to adopt a strategy “designed to defeat enemy cyber operations” and that “the U.S. Navy will pay more attention to the defeat of specified threats” in cyberspace rather than embracing cyber deterrence wholesale. Former Secretary of the Navy Ray Mabus described the offensive preference for the Navy’s cyberspace operations in early 2015, stating that the Navy was increasing its cyber effects elements in war games and exercises, and developing alternative methods of operating during denial-of-service situations. It is clear, then, that the Navy’s strategy for dealing with its own vulnerabilities is to train to operate without its advanced networked capabilities, should the enemy deny its use. Continuity of operations (COOP) is a major component in any cybersecurity strategy, but for a military operation, COOP becomes essential to remaining flexible in the chaos of warfare.

A recent  article describing a recent training conference between top industry cybersecurity experts and DoD officials was critical of the military’s cybersecurity training programs. Chief amongst these criticisms was that the DoD’s training plan and existing policies are too rigid and inflexible to operate in cyberspace, stating that “cyber is all about breaking the rules… if you try to break cyber defense into a series of check-box requirements, you will fail.” The strategic challenge moving forward for the Navy and the DoD as a whole is how to make military cybersecurity policy (historically inflexible and absolute) and training methods more like special forces units: highly trained, specialized, lethal, shadowy, and with greater autonomy within their specialization.

Current training methods within the U.S. Cyber Command’s “Cyber Mission Force” are evolving rapidly, with construction of high-tech cyber warfare training facilities already underway. While not yet nearly as rigorous as special forces-like training (and certainly not focused on the physical fitness aspect of it), the training strategy is clearly moving in a direction that will develop a highly-specialized joint information warfare workforce. Naegele’s article concludes with a resounding thought: “The heart of cyber warfare…is offensive operations. These are essential military skills…which need to be developed and nurtured in order to ensure a sound cyber defense.

Conclusions

This paper outlined several threats against the U.S. Navy’s networked enterprise, to include nation state cyber-rivals like China, Russia, Iran, and North Korea, and non-state actors such as hactivists, individual hackers, terrorists, and criminal organizations. The insider threat is of particular concern due to this threat’s ability to circumvent established security measures, and requires organizational and cultural influences to counter it, as well as technical access controls and monitoring. Additionally, the Navy has inherent vulnerabilities in the PNT technology used in navigation and weapon systems throughout the fleet, as well as the vast scope of the ashore network known as NMCI, or NGEN.

The Navy implements a litany of cybersecurity technical controls to counter these threats, including firewalls, DMZs, and vulnerability scanning. One of the Navy’s primary anti-access and detection controls is host-based security through McAfee’s HBSS suite, anti-virus scanning, and use of open systems architecture to create additions to its network infrastructure. The Navy, and DoD as a whole, is adopting the NIST Risk Management Framework as its information security policy model, implementing almost 1000 controls adopted from NIST Special Publication 800-53, and employing the RMF process across the entire enterprise. The Navy’s four-pronged strategy for combating threats in cyberspace and reducing its vulnerability footprint involves partnering with other agencies and organizations, revamping its training programs, bringing new technological solutions to the fleet, and reforming its acquisition process. However, great challenges remain in evolving its training regimen and military culture to enable an agile and cyber-lethal warfighter to meet the growing threats.

In the end, the Navy and the entire U.S. military apparatus is designed for warfare and offensive operations. In this way, the military has a tactical advantage over many of its adversaries, as the U.S. military is the best trained and resourced force the world has ever known. General Carl von Clausewitz, in his great anthology on warfare, stated as much in chapter 3 of book 5 of On War (1984), describing relative strength through admission that “the principle of bringing the maximum possible strength to the decisive engagement must therefore rank higher than it did in the past.” The Navy must continue to exploit this strength, using its resources smartly by enacting smart risk management policies, a flexible strategy for combating cyber threats while reducing vulnerabilities, and training its workforce to be the best in the world.

Lieutenant Howard is an information warfare officer/information professional assigned to the staff of the Chief of Naval Operations in Washington D.C. He was previously the Director of Information Systems and Chief Information Security Officer on a WASP-class amphibious assault ship in San Diego.

Dr. da Cruz is a Professor of International Relations and Comparative Politics at Armstrong State University, Savannah, Georgia and Adjunct Research Professor at the U.S. Army War College, Carlisle, Pennsylvania.

The views expressed here are solely those of the authors and do not necessarily reflect those of the Department of the Navy, Department of the Army, Department of Defense or the United States Government.

Featured Image: At sea aboard USS San Jacinto (CG 56) Mar. 5, 2003 — Fire Controlman Joshua L. Tillman along with three other Fire Controlmen, man the shipÕs launch control watch station in the Combat Information Center (CIC) aboard the guided missile cruiser during a Tomahawk Land Attack Missile (TLAM) training exercise. (RELEASED)