“It’s not uncommon for discussions of competence and character to put the matters of creativity and compliance in tension…”—Admiral John Richardson, Chief of Naval Operations
In January 2017, Chief of Naval Operations Admiral John Richardson released the Navy Leader Development Framework, outlining how the United States Navy will develop future leaders capable of meeting the challenges of a rapidly changing and complex world. The framework recognizes three values that are integral to developing leadership — compliance, creativity, and character. Of the three values, creativity represents the biggest challenge to naval leadership. It is challenging because it defies easy characterization and represents a divergence from the traditional values associated with developing Naval leadership. While there is an institutional framework and culture that develops, values, and supports compliance and character from seaman to admiral, the same cannot be said of creativity. Certainly creativity has always existed within the Navy, but until recently, it was not recognized as an integral value of leadership. Placing it on the same level as compliance and character requires change. And balancing the tension that exists between these values is one of the biggest challenges facing the Navy.
Creativity is More than just Being Different
In order to effectively harness creativity leaders must clearly understand what creativity is and how it differs from more traditional naval leadership values. Naval leaders are accustomed to dealing with issues of compliance and character. These values are well-defined within the Navy’s core values and evaluation process and feature prominently throughout a sailor’s career, regardless of rating or community. Naval culture views compliance and character dichotomously — one has either complied or not; one either has good character or not. In both instances, success and failure are easily identifiable. Leaders and followers feel comfortable using these metrics as ranking tools.
Creativity — using imagination or original ideas to create something — defies such simple characterization. Creativity is different; it is subjective and exists on a spectrum not seen with compliance and character. Creativity courts risk, is not easily manageable, and often results in failure. It follows that creativity will likely be costly in terms of resources and egos — there’s rarely an immediate payoff in any tangible terms. However costly, creativity and the innovation it sparks hold the key to developing future leaders who are adaptable. The creative mind holds multiple perspectives simultaneously. As such, creative decision-making produces more options, thereby increasing the likelihood of success. This idea is the bedrock for the SECNAV’s Naval Innovation Network, which seeks to bring together disparate ideas from across the ranks in the hopes of fostering creativity.
Establish a Direct Relationship with Creativity
While it is important to acknowledge the value of creativity, leaders need to take concrete actions that encourage and make effective use of that creativity. The difficulty for today’s leaders is how to cultivate that creative environment for leaders and followers within an organization that traditionally measures success and failure objectively. Doing so requires adjustments to the way in which the organization reacts to failure and the way compliance and character are typically measured. These changes need to occur vertically as well as horizontally because, like character and compliance, when properly cultivated, creativity is infectious.
Making creativity an effective part of the Navy’s leadership model presents some practical challenges. These challenges range from the bureaucratic to the operational and vary from community to community. While forward-leaning leaders speak of thinking outside the box, enlarging the box, or thinking like there is no box, the words can be difficult to translate into action. That is primarily because these well-intentioned challenges to become creative thinkers rarely address the practical limitations that box sailors in every day. From evaluation cycles and ranking boards to tour lengths and qualifications, the personnel organization of the Navy was not designed with creativity in mind. The bureaucracy, when coupled with operational tempos, stifles creativity; sailors simply don’t have the time or luxury to be creative. However, creativity must have time and room to flourish.
Creating this time and space within the disciplined constraints of the Navy is the primary issue facing today’s deckplate leaders. To meet this challenge, these leaders need to move beyond encouraging creativity and provide defined pathways through the bureaucracy and operational tempo. To create these pathways, it is essential that leaders first acknowledge the limitations and potential of creativity. Acknowledging limitations and potential allows leaders to adopt the CNO’s line of effort toward High Velocity Learning, whereby leaders strive to accelerate learning through the adoption of the “best concepts, techniques, and technologies.” In doing so, leaders can set aspirational goals while ensuring that creativity yields results and is not wasted time.
Foremost, leaders need to identify where and when to tolerate creativity within their particular missions. A sailor’s Planned Maintenance System (PMS) check is not an acceptable time for encouraging creativity. Yet, a junior officer conducting Theater Security Cooperation (TSC) activities or an Information Systems Technician identifying systems installations onboard a new platform could flourish in a creative environment. Making these differences clear to subordinates will set the stage for creativity to become an effective tool. Meanwhile, adapting processes outlined in the model of high velocity learning that embolden innovation and creativity will leave sailors feeling confident in exercising their creativity, while leaders will feel confident encouraging creativity.
Along with creating an environment conducive to creativity, leaders need to establish a balance between creativity and compliance. In many practical ways, creativity opposes the Navy’s concept of compliance. By its nature, creativity eschews following the standard rules as it searches for new and innovative ways to achieve something. Resolving the tension that exists between these values will involve sustained involvement from leadership. The CNO’s guidance makes specific mention of the tension created when the notions of competence and character meet the principles of creativity and compliance. Within this tension lies the potential for failure. There’s an immediate danger in too much creativity and not enough compliance, but there’s a long-term danger in too much compliance and not enough creativity.
Moving Past the Fear of Failure
Perhaps the greatest impediment to embracing creativity is the potential for failure. Fear of failure does more to stifle creativity than any bureaucracy or operational tempo ever can. The fear manifests itself in two distinct ways: individual and institutional. There is the individual fear that people have of failure and the repercussions of failure. And then there is the institutional fear that comes from the reticence that peers and leaders have of acknowledging failure in others. While each begets the other, it is important not to conflate the two because they come from different places and, thus, need different solutions. Institutional failure is abstract, while individual failure is personal. Studies show that followers who fear failure focus on that fear rather than the task, while leaders who fear failures tend to ignore the failures. In both instances, people lose the ability to learn lessons.
Therefore, mandating reforms to foster an institutional environment that embraces failure is only one part of the equation. The individual must also be convinced of the need to accept and learn from failure, which involves a more nuanced approach. To change the attitude sailors have toward failing, the Navy must introduce the concept of failureship. As the name implies, failureship is the ability to fail; and like leadership, it is a learned concept. Considering the relationship that people have with failure, learning to fail constructively is an important lesson for new sailors. Unfortunately, it’s a lesson that the Navy spends little time teaching.
Navy culture encourages success at every stage, and rightly so, because lives often depend on that success. The Navy cites historical examples of battles won and lost, each replete with astounding examples of sailors overcoming staggering odds and arduous circumstances to rise to the occasion. The CNO’s Professional Reading Program is replete with these stories of heroism. Often overlooked within these stories are examples of creativity—sailors taking chances when there’s nothing else to lose. While these tales illustrate that creativity can lead to success, there’s a deeper, less obvious lesson. That is, too often creativity is treated as a last-ditch effort, that failure is an acceptable outcome when there’s nothing else to lose. It is time to recognize that, in the proper context, creativity and failure will promote success. Creativity does not need to be reactive; it has a preventative dimension. It’s time to move failure to the forefront.
To promote this thinking, the discussion needs to move beyond mere acceptance of failure. It needs to move into a realm where leaders encourage failure and followers embrace the lessons of failure. Instead of getting over failure, we need to rally around failure. As the aphorism goes: someone who’s never failed has never tried. Discussions of failure need to move from the posters and books and into wardrooms, messes, and galleys. This involves a paradigm shift in how the Navy treats failure. Unlike success, where we champion and personalize the effects, we take a distanced approach to failure. Failure, when accepted, is something that happens to others. Aside from these cultural biases, failure has psychological limitations—people have a tough time dealing with failure. For some, anonymity may encourage creativity; for others, the motivation to be creative may come from the promise of rewards. Despite these differences, the underlying premise remains the same—leaders must look for ways to foster creativity within themselves and their subordinates.
For good reason, the Navy has long promoted successful execution over thoughtful rumination. However, global forces are at work today that require a paradigm shift in the way the Navy develops future leaders. To remain on the cutting edge, keep the brightest talent, and sustain the element of surprise, the Navy needs to cultivate a culture that believes in the value of failure, adopts an organizational behavior that encourages creative minds, and balances the application of creativity with its practical limitations. After all, creativity embodies the Navy’s core values: it takes honor to try, courage to fail, and commitment to overcome failure.
While incorporating creativity into leadership development presents challenges, the good news is that the Navy already possesses many strengths and initiatives to leverage the creative spirit. From traditional concepts like intrusive leadership to new proposals like career sabbaticals and the Tours with Industry program, the Navy is well poised to begin developing creative leaders. The diversity of the Navy’s workforce is another key component that will bolster creativity through exchanging ideas and experiences. As the Navy strives to innovate and overcome, developing and sustaining creative thinkers will determine the future course.
LT David M. Andre is a former Intelligence Specialist, has served as an Intelligence Officer and Liaison Officer assigned to AFRICOM and is a graduate of the Naval Postgraduate School. He is currently serving as N2 for COMDESRON Seven in Singapore. He can be reached at DMA.USN@gmail.com. The views expressed above are his own and do not reflect the official views and are not endorsed by the United States Navy, the Department of the Navy, the Department of Defense, or any other body of the United States Government.
Featured Image: February 7, 2017. A warfare tactics instructor speaks before sailors. (U.S. Navy photo)
The United States Navy is a vast, worldwide organization with unique missions and challenges, and information security (and information warfare at large) is a key priority within the Chief of Naval Operations’ strategic design. With over 320,000 active duty personnel and 274 ships, over 20 percent of them deployed across the world at any one time, the Navy’s ability to securely communicate across the globe to its forces is crucial to its mission. In this age of rapid technological growth and the ever-expanding internet of things, information security is a primary consideration in the minds of senior leadership of every global organization. The Navy is no different, and success or failure impacts far more than a stock price.
Indeed, an entire sub-community of professional officers and enlisted personnel are dedicated to this domain of information warfare. The great warrior-philosopher Sun Tzu said “one who knows the enemy and knows himself will not be endangered in a hundred engagements.” The Navy must understand the enemy, but also understand its own limitations and vulnerabilities, and develop suitable strategies to combat them. Thankfully, strategy and policy are core competencies of military leadership, and although information warfare may be replete with new technology, it conceptually remains warfare and thus can be understood, adapted, and exploited by the military mind.
This paper presents a high-level, unclassified overview of threats and vulnerabilities surrounding the U.S. Navy’s network systems and operations in cyberspace. Several threats are identified, including nation states, non-state actors, and insider threats. Additionally, vulnerabilities are presented such as outdated network infrastructure, unique networking challenges present aboard ships at sea, and inadequate operating practices. Technical security measures that the Navy uses to thwart these threats and mitigate these vulnerabilities are also presented. Current U.S. Navy information security policies are analyzed, and a potential security strategy is presented that better protects the fleet from the aforementioned cyber threats, mitigates vulnerabilities, and aligns with current federal government mandates.
Navy Network Threats and Vulnerabilities
There are several cyber threats that the Navy continues to face when conducting information operations in cyberspace. Attacks against DoD networks are relentless, with 30 million known malicious intrusions occurring on DoD networks over a ten-month period in 2015. Of principal importance to the U.S. intelligence apparatus are nation states that conduct espionage against U.S. interests. In cyberspace, the Navy contests with rival nations such as Russia, China, Iran, and North Korea, and all are developing their own information warfare capabilities and information dominance strategies. These nations, still in various stages of competency in the information warfare domain, continue to show interest in exploiting the Navy’s networks to conduct espionage operations, either by stealing information and technical data on fleet operations or preventing the Navy from taking advantage of information capabilities.
Non-state actors also threaten naval networks. Organized activist groups known collectively as “hacktivists,” with no centralized command and control structure and dubious, fickle motivations, present a threat to naval cyberspace operations if their goals are properly aligned. In 2012, Navy officials discovered that hacktivists from the group “Team Digi7al” had infiltrated the Navy’s Smart Web Move website, extracting personal data from almost 220,000 service members. The group has also been accused of more than two dozen additional attacks on government systems from 2012 to 2013. The hacktivist group boasted of its exploits over social media, citing political reasons but also indicating that it acted for recreation. Individual hackers, criminal organizations, and terrorist groups are also non-state threat actors, seeking to probe naval networks for vulnerabilities that can be exploited to their own ends. All of these threats, state or non-state actors, follow what the Department of Defense (DoD) calls the “cyber kill chain,” depicted in figure 1. Once objectives are defined, the attacker follows the general framework from discovery to probing, penetrating, then escalating user privileges, expanding the attack, persisting through defenses, and finally executing the exploit to achieve the objective.
One of the Navy’s most closely-watched threat sources is the insider threat. Liang and Biros, researchers at Oklahoma State University, define this threat as “an insider’s action that puts an organization or its resources at risk.” This is a broad definition but adequately captures the scope, as an insider could be either malicious (unlikely but possible, with recent examples) or unintentional (more likely and often overlooked).
The previously mentioned Team Digi7al hacktivist group’s leader was discovered to be a U.S. Navy enlisted Sailor, Petty Officer Nicholas Knight, a system administrator within the reactor department aboard USS HARRY S TRUMAN (CVN 75). Knight used his inside knowledge of Navy and government systems to his group’s benefit, and was apprehended in 2013 by the Navy Criminal Investigative Service and later sentenced to 24 months in prison and a dishonorable discharge from Naval service.
Presidential Executive Order 13587, signed in 2011 to improve federal classified network security, further defines an insider threat as “a person with authorized access who uses that access to harm national security.” Malevolence aside, the insider threat is particularly perilous because these actors, by virtue of their position within the organization, have already bypassed many of the technical controls and cyber defenses that are designed to defeat external threats. These insiders can cause irreparable harm to national security and the Navy’s interests in cyberspace. This has been demonstrated by the Walker-Whitworth espionage case in the 1980s, Private Manning in the late 2000s, and the very recent Edward Snowden/NSA disclosure incidents.
The Navy’s vulnerabilities, both inherent to its nature and as a result of its technological advances, are likewise troubling. In his 2016 strategic design, Chief of Naval Operations Admiral John M. Richardson stated that “the forces at play in the maritime system, the force of the information system, and the force of technology entering the environment – and the interplay between them have profound implications for the United States Navy.” Without going into classified details or technical errata, the Navy’s efforts to secure its networks are continuously hampered by a number of factors which allow these threats a broad attack surface from which to choose.
As the previous Chief of Naval Operations (CNO), Admiral Jon Greenert, described in 2012, Navy platforms depend on networked systems for command and control: “Practically all major systems on ships, aircraft, submarines, and unmanned vehicles are ‘networked’ to some degree.” The continual reliance on position, navigation, and timing (PNT) systems, such as the spoofing- and jamming-vulnerable Global Positioning System (GPS) satellite constellation for navigation and precision weapons, is likewise a technical vulnerability. An internet search on this subject reveals multiple scholarly and journalistic works on these vulnerabilities, and more than a few describe how to exploit them for very little financial investment, making them potentially cheap attack vectors.
Even the Navy’s vast size and scope of its networks present a vulnerability to its interests in cyberspace. As of 2006, the Navy and Marine Corps Intranet (NMCI), a Government Owned-Contractor Operated (GOCO) network that connects Navy and Marine Corps CONUS shore commands under a centralized architecture, is “the world’s largest, most secure private network serving more than 500,000 sailors and marines globally.” That number has likely grown in the 10 years since that statistic was published, and even though the name has been changed to the Navy’s Next Generation Network (NGEN), it is still the same large beast it was before, and remains one of the single largest network architectures operating worldwide. Such a network provides an enticing target.
Technical Security Measures and Controls
The Navy employs the full litany of technical cybersecurity controls across the naval network enterprise, afloat and ashore. Technical controls include host level protection through the use of McAfee’s Host Based Security System (HBSS), designed specifically for the Navy to provide technical controls at the host (workstation and server) level. Network controls include network firewalls, intrusion detection and prevention systems (IDS/IPS), security information and event management, continuous monitoring, boundary protection, and defense-in-depth functional implementation architecture. Anti-virus protection is enabled on all host systems through McAfee Anti-Virus, built into HBSS, and Symantec Anti-Virus for servers. Additionally, the Navy employs a robust vulnerability scanning and remediation program, requiring all Navy units to conduct a “scan-patch-scan” rhythm on a monthly basis, although many units conduct these scans weekly.
The Navy’s engineering organization for developing and implementing cybersecurity technical controls to combat the cyber kill chain in figure 1 is the Space and Naval Warfare Systems Command (SPAWAR), currently led by Rear Admiral David Lewis. Earlier this year, SPAWAR released eight technical standards that define how the Navy will implement technical solutions such as firewalls, demilitarized zones (DMZs), and vulnerability scanners. RADM Lewis noted that 38 standards will eventually be developed by 2018, containing almost 1,000 different technical controls that must be implemented across the enterprise.
Of significance in this new technical control scheme is that no single control has priority over the others. All defensive measures work in tandem to defeat the adversary’s cyber kill chain, preventing them from moving “to the right” without the Navy’s ability to detect, localize, contain, and counter-attack. RADM Lewis notes that “the key is defining interfaces between systems and collections of systems called enclaves,” while also using “open architecture” systems moving forward to ensure all components speak the same language and can communicate throughout the enterprise.
The importance of open systems architecture (OSA) as a way to build a defendable network the size of the Navy’s cannot be overstated. The DoD and the Navy, in particular, have mandated use of open systems specifications since 1994; systems that “employ modular design, use widely supported and consensus-based standards for their key interfaces, and have been subjected to successful validation and verification tests to ensure the openness of their key interfaces.” By using OSA as a means to build networked systems, the Navy can layer defensive capabilities on top of them and integrate existing cybersecurity controls more seamlessly. Proprietary systems, by comparison, lack such flexibility, thereby making integration into existing architecture more difficult.
Technical controls for combating the insider threat become more difficult, often revolving around identity management software and access control measures. Liang and Biros note two organizational factors influencing insider threats: security policy and organizational culture. Employment of the policy must be clearly and easily understood by the workforce, and the policy must be enforced (more importantly, the workforce must fully understand through example that the policies are enforced). Organizational culture centers around the acceptance of the policy throughout the workforce, management’s support of the policy, and security awareness by all personnel. Liang and Biros also note that access control and monitoring are two must-have technical security controls, and as previously discussed, the Navy clearly has both, yet the insider threat remains a primary concern. Clearly, more must be done at the organizational level to combat this threat, rather than just technical implementation of access controls and activity monitoring systems.
Information Security Policy Needed to Address Threats and Vulnerabilities
The U.S. Navy has had an information security policy in place for many years, and the latest revision is outlined in Secretary of the Navy Instruction (SECNAVINST) 5510.36, signed June 2006. This instruction is severely out of date and does not keep pace with current technology or best practices; Apple released the first iPhone in 2007, kicking off the smart phone phenomenon that would reach the hands of 68% of all U.S. adults as of 2015, with 45% also owning tablets. Moreover, the policy has a number of inconsistencies and fallacies that can be avoided, such as a requirement that each individual Navy unit establish its own information security policy, which creates unnecessary administrative burden on commands that may have neither the time nor the expertise to do so. Additionally, the policy includes a number of outdated security controls under older programs such as the DoD Information Assurance Certification and Accreditation Process (DIACAP), which has since transitioned to the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
In 2012, the DoD began transitioning away from DIACAP towards the NIST RMF, making full use of NIST Special Publications (SPs) for policy development and implementation of security controls. The NIST RMF as it applies to DoD, and thus the Navy, is illustrated in figure 2. The process involves using NIST standards (identified in various SPs) to first categorize systems, select appropriate security controls, implement the controls, assess their effectiveness, authorize systems to operate, then monitor their use for process improvement.
This policy is appropriate for military systems, and the Navy in particular, as it allows for a number of advantages for policymakers, warfighters, system owners, and developers alike. It standardizes cybersecurity language and controls across the federal government for DoD and Navy policymakers, and increases rapid implementation of security solutions to accommodate the fluidity of warfighting needs. Additionally, it drives more consistent standards and optimized workflow for risk management which benefits system developers and those responsible for implementation, such as SPAWAR.
Efforts are already underway to implement these policy measures in the Navy, spearheaded by SPAWAR as the Navy’s information technology engineering authority. The Navy also launched a new policy initiative to ensure its afloat units are being fitted with appropriate security controls, known as “CYBERSAFE.” This program will ensure the implementation of NIST security controls will be safe for use aboard ships, and will overall “focus on ship safety, ship combat systems, networked combat and logistics systems” similar to the Navy’s acclaimed SUBSAFE program for submarine systems but with some notable IT-specific differences. CYBERSAFE will categorize systems into three levels of protection, each requiring a different level of cybersecurity controls commensurate with how critical the system is to the Navy’s combat or maritime safety systems, with Grade A (mission critical) requiring the most tightly-controlled component acquisition plan and continuous evaluation throughout the systems’ service life.
Implementation of the NIST RMF and associated security policies is the right choice for the Navy, but it must accelerate its implementation to combat the ever-evolving threat. While the process is already well underway, at great cost and effort to system commands like SPAWAR, these controls cannot be delayed. Implementing the RMF across the Navy enterprise will reduce risk, increase security controls, and put its implementation in the right technical hands rather than a haphazard implementation of an outdated security policy that has, thus far, proven inadequate to meet the threats and reduce vulnerabilities inherent with operating such a large networked enterprise. With the adoption of these new NIST policies also comes a new strategy for combating foes in cyberspace, and the Navy has answered that in a few key strategy publications outlined in the next section.
Potential Security Strategy for Combating Threats and Minimizing Vulnerabilities
It is important to note that the Navy, like the other armed services of the DoD, was “originally founded to project U.S. interests into non-governed common spaces, and both have established organizations to deal with cybersecurity.” The Navy’s cyber policy and strategy arm is U.S. Fleet Cyber Command (FLTCYBERCOM, or FCC), co-located with the DoD’s unified cyber commander, U.S. Cyber Command (USCYBERCOM, or USCC). Additionally, its operational cyber arm, responsible for offensive and defensive operations in cyberspace, is U.S. 10th Fleet (C10F), which is also co-located with U.S. Fleet Cyber and shares the same commander, currently Vice Admiral Michael Gilday.
Prior to VADM Gilday’s assumption of command as FCC/C10F, a strategy document was published by the Chief of Naval Operations in 2013 known as Navy Cyber Power 2020, which outlines the Navy’s new strategy for cyberspace operations and combating the threats and vulnerabilities it faces in the information age. The strategic overview is illustrated in figure 3, and attempts to align Navy systems and cybersecurity efforts with four main focus areas: integrated operations, optimized cyber workforce, technology innovation, and acquisition reform. In short, the Navy intends to integrate its offensive and defensive operations with other agencies and federal departments to create a unity of effort (evident by its location at Ft. Meade, MD, along with the National Security Agency and USCC), better recruit and train its cyber workforce, rapidly provide new technological solutions to the fleet, and reform the acquisition process to be more streamlined for information technology and allow faster development of security systems.
Alexander Vacca, in his recent published research into military culture as it applies to cybersecurity, noted that the Navy is heavily influenced by sea combat strategies theorized by Alfred Thayer Mahan, one of the great naval strategists of the 19th century. Indeed, the Navy continually turns to Mahan throughout an officer’s career from the junior midshipman at the Naval Academy to the senior officer at the Naval War College. Vacca noted that the Navy prefers Mahan’s “decisive battle” strategic approach, preferring to project power and dominance rather than pursue a passive, defensive strategy. This potentially indicates the Navy’s preference to adopt a strategy “designed to defeat enemy cyber operations” and that “the U.S. Navy will pay more attention to the defeat of specified threats” in cyberspace rather than embracing cyber deterrence wholesale. Former Secretary of the Navy Ray Mabus described the offensive preference for the Navy’s cyberspace operations in early 2015, stating that the Navy was increasing its cyber effects elements in war games and exercises, and developing alternative methods of operating during denial-of-service situations. It is clear, then, that the Navy’s strategy for dealing with its own vulnerabilities is to train to operate without its advanced networked capabilities, should the enemy deny its use. Continuity of operations (COOP) is a major component in any cybersecurity strategy, but for a military operation, COOP becomes essential to remaining flexible in the chaos of warfare.
A recent article describing a recent training conference between top industry cybersecurity experts and DoD officials was critical of the military’s cybersecurity training programs. Chief amongst these criticisms was that the DoD’s training plan and existing policies are too rigid and inflexible to operate in cyberspace, stating that “cyber is all about breaking the rules… if you try to break cyber defense into a series of check-box requirements, you will fail.” The strategic challenge moving forward for the Navy and the DoD as a whole is how to make military cybersecurity policy (historically inflexible and absolute) and training methods more like special forces units: highly trained, specialized, lethal, shadowy, and with greater autonomy within their specialization.
Current training methods within the U.S. Cyber Command’s “Cyber Mission Force” are evolving rapidly, with construction of high-tech cyber warfare training facilities already underway. While not yet nearly as rigorous as special forces-like training (and certainly not focused on the physical fitness aspect of it), the training strategy is clearly moving in a direction that will develop a highly-specialized joint information warfare workforce. Naegele’s article concludes with a resounding thought: “The heart of cyber warfare…is offensive operations. These are essential military skills…which need to be developed and nurtured in order to ensure a sound cyber defense.”
This paper outlined several threats against the U.S. Navy’s networked enterprise, to include nation state cyber-rivals like China, Russia, Iran, and North Korea, and non-state actors such as hacktivists, individual hackers, terrorists, and criminal organizations. The insider threat is of particular concern due to this threat’s ability to circumvent established security measures, and requires organizational and cultural influences to counter it, as well as technical access controls and monitoring. Additionally, the Navy has inherent vulnerabilities in the PNT technology used in navigation and weapon systems throughout the fleet, as well as the vast scope of the ashore network known as NMCI, or NGEN.
The Navy implements a litany of cybersecurity technical controls to counter these threats, including firewalls, DMZs, and vulnerability scanning. One of the Navy’s primary anti-access and detection controls is host-based security through McAfee’s HBSS suite, anti-virus scanning, and use of open systems architecture to create additions to its network infrastructure. The Navy, and DoD as a whole, is adopting the NIST Risk Management Framework as its information security policy model, implementing almost 1000 controls adopted from NIST Special Publication 800-53, and employing the RMF process across the entire enterprise. The Navy’s four-pronged strategy for combating threats in cyberspace and reducing its vulnerability footprint involves partnering with other agencies and organizations, revamping its training programs, bringing new technological solutions to the fleet, and reforming its acquisition process. However, great challenges remain in evolving its training regimen and military culture to enable an agile and cyber-lethal warfighter to meet the growing threats.
In the end, the Navy and the entire U.S. military apparatus are designed for warfare and offensive operations. In this way, the military has a tactical advantage over many of its adversaries, as the U.S. military is the best trained and resourced force the world has ever known. General Carl von Clausewitz, in his great anthology on warfare, stated as much in chapter 3 of book 5 of On War (1984), describing relative strength through admission that “the principle of bringing the maximum possible strength to the decisive engagement must therefore rank higher than it did in the past.” The Navy must continue to exploit this strength, using its resources smartly by enacting smart risk management policies, a flexible strategy for combating cyber threats while reducing vulnerabilities, and training its workforce to be the best in the world.
Lieutenant Howard is an information warfare officer/information professional assigned to the staff of the Chief of Naval Operations in Washington D.C. He was previously the Director of Information Systems and Chief Information Security Officer on a WASP-class amphibious assault ship in San Diego.
Dr. da Cruz is a Professor of International Relations and Comparative Politics at Armstrong State University, Savannah, Georgia and Adjunct Research Professor at the U.S. Army War College, Carlisle, Pennsylvania.
The views expressed here are solely those of the authors and do not necessarily reflect those of the Department of the Navy, Department of the Army, Department of Defense or the United States Government.
Featured Image: At sea aboard USS San Jacinto (CG 56) Mar. 5, 2003 — Fire Controlman Joshua L. Tillman along with three other Fire Controlmen, man the ship’s launch control watch station in the Combat Information Center (CIC) aboard the guided missile cruiser during a Tomahawk Land Attack Missile (TLAM) training exercise. (RELEASED)
Chief of Naval Operations Admiral John Richardson frequently talks about High Velocity Learning (HVL) and Innovation. You can tell his focus on this topic is working thanks to one clear litmus test: eye rolls and mocking from some of the Fleet’s junior officers. The CNO has spread the gospel so well on this topic that it has become a buzzword throughout wardrooms and squadrons around the world, and now “Innovation” has achieved just enough notoriety to be misunderstood.
The eye-rollers are often resistant to change, cling to the status quo, and most importantly have an ahistorical perception of innovation within the naval service. What they don’t quite comprehend is that innovation is nothing new. Commander BJ Armstrong enumerated the proof of our rich innovation history in consecutive years at the Defense Entrepreneurs Forum, first in 2013 with his lecture on Admiral William Sims that led to the book 21st Century Sims, and then followed by a look at Marine Corps’ forward-thinking embrace of the helicopter in the post-WWII era.
We have innovated before, and we will innovate again. But the CNO makes the case that the quadrupling of worldwide maritime traffic in the last several decades, combined with the free and fast flow of technology and information, creates an innovation and learning imperative like we have never seen. Our maritime superiority, our relevance, and potentially even our Sailors’ survival all depend on it.
Just Do It
It can be a daunting task for an operational leader to lead innovation efforts in the context of the worldwide rise of near-peer adversaries and vague direction from the Pentagon to learn, rapidly iterate, and embrace risk. Where can you even start?
Using the old mantra, “Think Globally but Act Locally,” I decided to tackle something that everyone in our squadron, officer and enlisted alike, always unite to grumble about: meetings. You know them–they pepper the plan of the week like the last pieces of candy in a box of chocolate that no one wants to eat; they draw scowls of dread when you see another two, three, or four in your future. They all start the same with a PowerPoint slide deck, introductions, rules of engagement for the presentation itself, proposed courses of action, “quad slides,” and graphs with labels so small you have no idea what is going on.
Several months ago I heard about a best practice from the civilian industry that caught my attention: the “flipped meeting” utilized at Amazon by billionaire innovator Jeff Bezos. Could the Amazon model work at a Naval Aviation squadron? Would the time continuum explode if officers filed in to the wardroom and didn’t see a standardized PowerPoint screen projected on the wall? I walked to OPS, asked for a meeting to be put on the schedule, and decided to find out.
I used the Navy’s HVL model based on Dr. Steve Spear’s “High Velocity Edge” framework to approach the flipped meeting:
1. Define the problem: Too many meetings in our squadron are dependent on low-learning-level presentations, and almost all exclusively use PowerPoint.
2. Postulate a solution – and what you think its effects will be: There are countless solutions in other organizations and the corporate world on how to increase learning and co-working levels in meetings. One specific solution is the Amazon flipped meeting, which I guessed would increase learning levels at my squadron.
3. Try out a solution: We did!
4. Do a gap analysis between what you saw happen and what you thought would happen.
5. Update your approach/solution and run it again.
One Specific Solution: The Origins and Upsides of a Bezos “Study Hall”
Fortune Magazine revealed the secrets of an Amazon executive team meeting in their 2012 profile of Jeff Bezos, the founder and CEO of the tech and retail giant. Reporter Adam Lashinsky explains:
Before any discussion begins, members of the team—including Bezos—consume six-page printed memos in total silence for as long as 30 minutes…. They scribble notes in the margins while the authors of the memos wait for Bezos and his minions to finish reading…. Writing a memo is an even more important skill to master. “Full sentences are harder to write,” he says. “They have verbs. The paragraphs have topic sentences. There is no way to write a six-page, narratively structured memo and not have clear thinking.”
So instead of building PowerPoint slides and sweating font consistency, proper margins, bullet styles or punctuation uses, those privileged to brief Bezos focus on the ideas and content themselves. The genius of it is in the simplicity: the purpose of the meeting is to work together on the ideas or content, and the “flipped” meeting allows the ideas or content to be the focus, not the slide deck.
The real magic happens before the meeting ever starts. It happens when the author is writing the memo. What makes this management trick work is how the medium of the written word forces the author of the memo to really think through what he or she wants to present. In having to write it all down, authors are forced to think out tough questions and formulate clear, persuasive replies, reasoning through the structure and logic in the process.
Bezos calls the memos “narratives,” and in his opinion they have many advantages over PowerPoint, as he told Charlie Rose in 2012:
The traditional kind of corporate meeting starts with a presentation. Somebody gets up in front of the room and presents with a PowerPoint presentation, some type of slide show. In our view you get very little information, you get bullet points. This is easy for the presenter, but difficult for the audience. And so instead, all of our meetings are structured around a 6 page narrative memo.
Some other advantages include:
1. Silence is golden. How many times have you presented an issue, only to see several egos in the audience try to take over or derail the brief based on their own interests? Everyone reads the narrative in silence and the discussion comes after in the Bezos “Study Hall” model.
2. No read-ahead required. Bezos believes “the act of communal reading guarantees the group’s undivided attention.” Several times in my career, I have wondered if the person I was briefing had time to review the read-ahead, or if they were getting the message I was trying to convey during the PowerPoint. In a flipped meeting, the audience has no choice but to read the narrative (unless they want to daydream).
3. Eliminating premature questions saves everyone time. “If you have a traditional PowerPoint presentation, executives interrupt,” says Bezos. “If you read the whole six page memo, on page two you have a question. By page four that question is answered.”
4. Ideas and content trump presentation polish. Sometimes, the best ideas come from those who are nervous or just-plain-bad public speakers. Other times, polished presenters with million-dollar-smiles can sell bad or incomplete concepts because they can manipulate the audience into what they want to hear. With the Amazon narrative, the content speaks for itself.
5. The meeting leader is a coworker, not lecturer. The concept of a “flipped classroom” revolutionized education, and Bezos is trying to do the same for the business world. Normally a presenter lectures the audience. An Amazon lecturer is no longer verbally “pushing” communication to the audience; instead the content is “pushed” through the narrative, and then readers can “pull” knowledge from the presenter with informed questions. This creates high rates of learning compared to the traditional model.
It seems that a flipped meeting is effective based on Amazon’s stock price and global reach. But could such a meeting work outside the confines of Silicon Valley boardrooms? Would a bunch of flight-suit wearing naval aircrew be receptive to something so far from the norm?
That Awkward Silence
My unsuspecting teammates filtered in and took seats at the conference table. I hadn’t posted “Amazon-Style Flipped Meeting” on the flight schedule because I thought it might create some sort of bias or discourage full attendance. I simply listed the topic: “Squadron Innovation Culture Workshop.” This subject especially lent itself to a flipped meeting because it was difficult to summarize our squadron’s innovation culture in a deck of PowerPoint slides.
The junior officers filled the dead space before the kick off with the usual banter and jokes. I noticed several check the clock and glance toward the powered-down and blank presentation screen as I passed out copies of the six-page narrative I’d spent the previous week perfecting. It was apparent that several were wondering why there was no laptop connected and no PowerPoint.
The top of the hour arrived and people started leafing through the document. We were still missing two important players who I knew had planned on attending. I decided to give them the usual five-minute grace period in a normal day filled with other tasks and meetings. One finally arrived, so I ventured out to the office of the last straggler, one of my fellow department heads. I told him we were about to start, but he was justifiably delayed in the midst of “putting out a fire” with an urgent travel issue requiring his attention. “I’ll be there in a few!” I knew he probably thought he could catch up with the PowerPoint when he walked in. “We can wait a couple minutes more for you before we start off…” I offered. “No, go ahead. I’ll be down there soon.”
I returned to the assembled group and quickly explained the flipped meeting, the “study hall” reading and the 20 minutes of silence. Everyone nodded in agreement and began. The most awkward part for me was the wait. In this context, 20 minutes felt like an eternity. I already knew the narrative well as the organizer and author. I read through it again while I scanned the faces of my coworkers as they made notes or flipped pages. I found a couple of punctuation errors that I had missed. And then I waited.
The most interesting thing was the late arrival of the last participant 10 minutes into the study hall. He was a bit confused to walk into a room of us all sitting there silently with no PowerPoint in sight. He then tried to catch up on reading the narrative. In the future to help all attendees get the highest rates of learning, I think it would be best to notify everyone in advance it will be a flipped meeting and that study hall will start on time.
Next, I facilitated the discussion. At first people were hesitant to express their opinions, but after a few questions by some of the other forward-leaning members of our squadron, we were well on our way to a 40-minute co-working session. By the tail of the hour the discussion was going strong and we could have continued for another thirty minutes. We decided on a collective course of action to take on the meeting’s topic and agreed on another future meeting.
“PowerPoint Makes Us Stupid.” -Gen. James N. Mattis, USMC, 2010
The backlash against PowerPoint is well documented. This repository of articles compiled by Small Wars Journal counts more than twenty leading media or blog examinations of the detrimental effects of its use. Many leaders like the now-retired General Mattis either loathe it or outright ban it; others see it as a necessary evil.
Reporter Elisabeth Bumiller’s piece about the U.S. military’s use of the program in the New York Times in 2010, titled “We Have Met the Enemy and He is PowerPoint,” seems to foreshadow the rise of Bezos’ corporate use of the flipped meeting:
Commanders say that the slides impart less information than a five-page paper can hold, and that they relieve the briefer of the need to polish writing to convey an analytic, persuasive point. Imagine lawyers presenting arguments before the Supreme Court in slides instead of legal briefs.
The most compelling defenses I’ve heard for military innovation do not involve completely new ideas or inventions. Instead they focus on finding creative best practices in sometimes-unexpected places that could be applied to military problems. Maybe “flipped meetings” won’t catch on to replace old methods completely, but they could become one tool for leaders to use when an occasional respite is needed from the groundhog-day-monotony of PowerPoint briefings.
I would encourage other leaders to challenge the status quo in your unit’s meetings. These resources by Fred Zimmerman and Walter Chen can guide you to figure out how to best write your own flipped meeting narrative.
There are myriad other ways to shake up a meeting, like using the “design thinking” approach or an organizational retreat made famous in Patrick Lencioni’s The Five Dysfunctions of a Team. The solution you use will depend heavily on the topic and purpose of the meeting. For example, it is difficult and counterproductive to attempt to give a chart-centric “course rules” brief using thousands of written words when visual aids are most appropriate. Even if your first instinct is to use PowerPoint because of the visual nature of the topic, there are several alternative programs like Prezi or Haiku Deck that could bring extra engagement to your audience. The most important concept to remember is that PowerPoint is just a tool, not something good or bad. We need to focus as leaders on using whatever the appropriate tool is for the specific job, not simply revert to the familiar tool just because it is habitual or easy.
So how did my flipped meeting experiment match up to what I thought would happen when I postulated the solution? I think it was worthwhile and I’m looking forward to doing it again. I wasn’t laughed out of the squadron or told by my bosses to go back to exclusively PowerPoint meetings. I saw the light in several of my coworkers’ eyes (despite some initial uncertainty) as they scribbled on parts of the narrative and debated sections they had pulled from it. We had an in-depth discussion about our innovation culture that could have been brought about with a PowerPoint brief instead of the “study hall,” but the discussion would have been less nuanced and with less time to collaborate. Usually presentations are designed for 45 minutes with 15 minutes of questions and discussion at the end. We invested 20 minutes up front during the flipped meeting to silently immerse in the topic, leaving us more than double the discussion and co-working time.
The flipped meeting can’t be considered a complete success, though, until we are achieving high learning rates from our gatherings on a consistent basis, no matter what tool is used to get there. If I started a conversation or sparked an idea in the wardroom, it was worth it.
Every meeting I’ve gone to since, I enter the room and look at the briefer, the table and the wall. One of these days there will be no PowerPoint and a stack of six-page narratives waiting for me to pick up. Here’s to “study hall!”
Jared Wilhelm is a U.S. Navy officer and Maritime Patrol Instructor Pilot with experience in four operational theaters flying the P-3C Orion. He is a passionate writer focused on innovation and meaningful reform, all to help maintain the U.S. military’s superiority over adversaries in the short and long term. He served in Argentina as an Olmsted Scholar from 2014-2016 and won the U.S. Naval Institute’s 2015 General Prize Essay Contest. He is a Department of Defense Spanish linguist who holds master’s degrees from the U.S. Naval Postgraduate School (Systems Engineering and Analysis) and the U.S. Naval War College (National Security and Strategic Studies), as well as a B.S. in Systems Engineering from the U.S. Naval Academy. The opinions expressed are his alone and do not reflect the official position of any other entity or organization.
Featured Image: U.S. Navy photo by Mass Communication Specialist 3rd Class Jackie Hart.
This article originally featured at The Strategy Bridge and is republished with permission. Read it in its original form here.
By Brad DeWees
Is the “military mind” compatible with the values that make innovation possible?
In 1957 Samuel Huntington defined the “military mind,” or how the military sees the world and interacts with it. His definition of the military mind formed the cornerstone of his broader work on civil-military relations—The Soldier and the State. In that work Huntington claimed the ideal soldier is conservative in the classical sense. That is, the military mind emphasizes the “permanence, irrationality, weakness, and evil in human nature.” More focused on vice than virtue, the military mind is suspect of human cooperation and skeptical of change. For the soldier time is the primary measure of value; the military mind favors the status quo. It is “pessimistic” and “historically inclined…It is, in brief, realistic, and conservative.”
Today the military mind finds itself in the company of another mind—the “innovative mind.” While the military mind is conservative the innovative mind is open to experimentation with new ideas. The military mind doubts human nature while the innovative mind trusts in collaboration. The two do not naturally mix, and yet they depend on each other, especially so the military mind on the innovative mind. The paradox of the military mind is that it is increasingly reliant on, yet incompatible with, the innovative mind. This article explores the paradox and how to manage it.
The Military Mind versus the Innovative Mind
There is no single “military mind” or “innovative mind.” The two minds simplify the rich diversity of military members and innovators. Simplifications leave out details but can also clarify comprehensive truths. Huntington’s military mind and today’s innovative mind do not perfectly describe any one individual, yet they hold true at the general level.
Huntington’s ideal military mind was reverse-engineered; he asked what kind of mind was necessary to defend the country, and concluded that a skeptical worldview was the best insurance in a risky and uncertain world. The military mind had to be skeptical of human nature and progress in order for the military to serve its function effectively. Sixty years after describing the military mind, Huntington’s argument has been deeply woven into the American military culture. And thus Huntington has met his own criteria for value—he withstood the test of time. The Soldier and the State, as part of the military canon, frames the ideal image of ourselves and guides our actions as we seek to maintain that image.
Radical Change Is The Norm In The Age of Innovation.
When Huntington wrote The Soldier and The State, the military mind was meant to balance the mind of a liberal democratic citizen. The civilian mind, in Huntington’s argument, could afford to view the world as cooperative as long as the military mind retained its conservative view. The two minds would coexist but leave each other to their own space. Since then a new variant of the civilian mind has developed—the “innovative mind” is the civilian mind that Huntington envisioned, only adapted for the age of innovation. The age of innovation is the period of hyper-connectivity and information sharing created by the information technology revolution of the 1990s, and it is still unfolding today.
Radical change is the norm in the age of innovation. The most powerful companies of this generation work with collaborative technology that was largely unheard of one generation ago, and the same will likely be true one generation from now. Today’s Google is built on an internet search algorithm that would have been difficult to imagine just 30 years ago; tomorrow’s Google may well be built on technology that seems like science-fiction today. The companies that succeed tomorrow will rely on experimentation with new ideas, rather than gradual improvement, to build new business. Their experimentation will be fueled by the pace and quality of their collaboration, and by their ability to weave knowledge together from a wide range of sources.
Warfare in this age of innovation has become increasingly reliant on information technology—the common operating pictures of network-centric warfare are an example. The military mind, then, must increasingly collaborate with the developers of information technology. The question today is whether the military mind can work with a mind characterized by experimentation and collaboration. And, if so, how?
Huntington’s Paradox in the Age of Innovation
Huntington’s military mind is not necessarily opposed to all forms of change. As military affairs became perceptibly more complex, Huntington argued that officers should spend much of their time learning: “The intellectual content of the military profession requires the modern officer to devote about one-third of his professional life to formal schooling, probably a higher ratio of educational time to practice than in any other profession.” What Huntington opposed, however, was the transmission of values that undermined the conservative worldview. In his view the military mind could advance technologically as long as its view of human nature remained conservative, as long as it did not view human nature as inherently cooperative.
A military-industrial complex in which the military was the primary buyer allowed for such technological advancement. The military-industrial complex, to name three examples, developed battleships and aircraft carriers for the Navy, fighting vehicles for the Army, and cruise missiles for the Air Force. While private enterprise may have developed key technologies that enabled these innovations—power plants for the Navy’s ships are an example—the military-industrial complex adapted those technologies for operational use, and they did so on a timeline fitted to the military’s capacity for adopting change.
Military changes in the age of innovation will likely happen at a faster pace. In the fields of cyber security, biotechnology, neural analytics, and networked robotics, the military is just one buyer among many. The net effect of being one among many is that innovative minds dictate the pace of change to military minds rather than the reverse.[7, 8] The pace of change, already faster than the military mind is accustomed to, will likely only increase—methods such as machine learning presage a new level of speed in the development of ideas. Putting those ideas to operational use will require the military mind to adopt the values of experimentation and cooperation. The military mind and innovative mind will meet in the rapid and frequent implementation of new technology.
The modern military mind is left with a paradox. On one hand Huntington’s ideal military mind is still necessary. Because of its role in protecting society, the military mind has no choice but to assume the worst: human nature is unchanging and a conservative outlook is the best last resort for defending the country. Yet, if the military mind is to fulfill its function in the innovation age, it has no choice but to rapidly adapt. The military has adapted before, especially in times of acute threat—the military embraced air and tank warfare in World War II, for example. The difference in the age of innovation is that adaptation will be the norm rather than the result of extreme circumstances. The military mind will be asked to regularly operationalize new technology in an uncertain world. In short, the military mind must be both conservative and open.
Building Common Ground
Managing this paradox is a challenge for the military as a whole, not necessarily individual minds within the military. Some aspects of the military bureaucracy can be wired for adaptability and cooperation, while others can be wired to maintain a conservative outlook. In a broad sense, the employment of force will require a conservative outlook, while the development of force capabilities will require an innovative outlook. The organizational challenge for the military is ensuring that these two minds collaborate without degenerating into acrimonious tribes.
Collaboration between the two minds can be helped by reform in two general areas. The first area is near-term and tangible, composed of reforms that make it easier for the military mind to do business with the innovation economy. This would include initiatives such as the Defense Innovation Unit Experimental (DIUx) in Silicon Valley and Boston. Fostering direct interaction between end-users and technology developers would be another, as would streamlining the acquisition process to more closely approximate the timeline of a start-up.
These solutions, though, can only be partial without a more fundamental change. The second general area of reform would run deeper, to the intellectual roots of the divide between military and innovative minds. The two minds should study the other enough to forge shared meaning. With shared meaning comes a greater possibility for shared motivations. And if not shared motivations, then at least motivations that are mutually understood. Motivations that are mutually understood are less likely to be perceived as threatening. Ironically enough, perhaps the best advice for building this mutual understanding comes from Huntington himself through his emphasis on education.
A Liberal Education Can Endure Technological Change.
Huntington argued that the military profession should begin with a liberal education; his prescription should apply to innovators as well. A liberal education, which is an education in all sides of human nature, can create philosophical common ground between the conservative and cooperative outlook. The exposure of the military and innovation minds to the full range of human nature should be the foundation of a mutual understanding between them. Machiavelli’s The Prince, for example, is an education in the corruptible side of human nature, while Shakespeare’s King Henry IV and King Henry V are a testament to human adaptability.
These are but two examples of how a holistic view of human nature—a liberal, classical education—can build common ground between military and innovative minds. And a liberal education is only one aid to making the military more adaptable for the innovation age. Many other implements will be possible, as long as they fit the general criterion of building common ground between military and innovative minds. A liberal education is a fundamental solution, though, in that it can endure this generation of technological change and the many others that will follow. In a world where change will only come faster, building common ground between military and innovative minds is a national security imperative.
Brad DeWees is a PhD candidate at the Harvard Kennedy School of Government and a former instructor of political science at the United States Air Force Academy, where he taught courses on American government and Innovation in Government. His primary career field is as a Tactical Air Control Party (TACP) officer. The opinions expressed in this article are the author’s alone and do not reflect the official position of the U.S. Air Force, Department of Defense, or the U.S. Government.
 Huntington, S.P. (1957). The Soldier and the State: The Theory and Politics of Civil-Military Relations. Harvard University Press, page 79.
 The Soldier and The State is regarded as a classic in civil-military relations, something that all subsequent works on civil-military relations must address. For an example of this argument, see here.
 Huntington. The Soldier and the State, page 13.
 Huntington discusses the relation of the military professional ethic to the four major political ideologies of his time: liberalism, fascism, Marxism, and conservatism (pages 89-94). His discussion of liberalism is closest to what is described here as the “innovative mind.” Throughout the discussion Huntington paints liberalism as at odds with the military ethic: liberalism “opposes political, economic, and social restraints upon individual liberty. In contrast, the military ethic holds that man is evil, weak, and irrational and that he must be subordinated to the group” (90).
Featured Image: Atlantic Ocean (Apr. 15, 2005) – Air Traffic Controller 3rd Class Jeoffrey Keever writes the status of each aircraft on the status board in Carrier Air Traffic Controller Center (CATCC) aboard USS John F Kennedy (CV 67) during flight operations. The Mayport, Fla., based conventionally powered aircraft carrier Kennedy is currently conducting scheduled carrier qualification in the Atlantic Ocean. U.S. Navy photo by Photographer’s Mate Airman Apprentice Antonia Ramos (RELEASED)