Category Archives: Future Tech

What is coming down the pipe in naval and maritime technology?

Why Unmanned Systems Are The Go-To Option for Gray Zone Ops in the Gulf

Securing the Gulf Topic Week

By Heiko Borchert

Introduction

Current incidents in the Arabian Sea should be seized as an opportunity to advance naval conceptual thinking about unmanned maritime systems in gray zone operations. Gray zone activities are an astute object for concept development, as they “creep up on their goals gradually,” rather than involving decisive moves, as Michael Mazarr has argued. In response, Mazarr contends, gray zone operations will “call for a greater emphasis on innovation” as these operations take different forms and intensities and thus require varied responses. This coincides with the general need to devote more attention to concepts development that drives the use of new naval technologies such as unmanned systems.

Applying Unmanned Systems to Gulf Security

Maritime stability in the Arabian Sea has deteriorated significantly over the past couple of weeks. In response to the Iranian seizure of the Stena Imperio, a Swedish oil tanker under British flag, London reached out to different European capitals in view of establishing a maritime protection mission escorting commercial vessels through the Strait of Hormuz.

This incident and prior events in the Arabian Sea such as harassing commercial vessels with speedboats and assaults on commercial vessels are a perfect illustration of so-called gray zone activities. Located between war and peace, gray zone activities involve “coercive actions to change the status quo below a threshold that, in most cases, would prompt a conventional military response,” as Lyle J. Morris and others have suggested.

These activities raise an obvious question: How best to respond? Staying out of the region for an interim period, as the British government has advised U.K. shipping, has been interpreted as a watershed moment “when the UK admits it can no longer protect its merchant vessels.” But even if political support for the maritime protection mission matured, the question would remain if there were enough adequate platforms to do the job.

Deploying big capital ships or surface combatants to escort merchant vessels might send a strong message of resolve to Iran, but doubts remain if this approach is adequate. Past experiences in the Arabian Sea have made it clear that naval vessels remain vulnerable to speedboats operating at a high tempo in distributed maneuver operations. While this is certainly only one method of attack, it is most important for strategic communication. Small boats successfully attacking or deterring prestigious naval ships delivers a message that all gray zone actors want to convey.

It is time to supply navies with an additional option using unmanned systems. Unmanned maritime systems (UMS) have been developed and used for quite some time, but right now, the majority of unmanned maritime systems are used for mine countermeasures. There is an obvious operational need to do the job, concepts of operations are in place, and technology is mature. This makes a perfect fit, but more can be done.

Unlike gray zone activities in the South China Sea that involve the building of artificial islands to underline sovereignty claims and the use of naval militia and the coast guard to intimidate neighbors, Iran’s actions are of a different quality. In the Arabian Sea, mosaic defense emphasizes mass, speed, and surprise. Unmanned maritime systems would be ideal to respond because they can be built to be lost. This levels out current asymmetries between speed boats and big capital ships and denies the adversary the offensive on strategic communications. This attrition-like role is only one mission UMS could play in future maritime protection missions. Overall, the mission envelope could be much broader.

First, assuming that a maritime protection mission depends on persistent situational awareness and understanding, unmanned systems can be used to collect intelligence and provide reconnaissance. For this mission the emphasis should be on closing the sensor chain from seabed activities through the undersea world to the sea surface into airspace and space. In all of these domains unmanned systems are already in use, but more needs to be done to fuse data to augment the existing Recognized Maritime Pictures (RMP), for example to detect anomalies stemming from adversarial behavior at sea.

Second, unmanned systems at sea can push the defense perimeter out. Forward deployed unmanned surface vehicles (USV) could be used to intimidate an adversary’s embarking speed boat fleet thus delaying the launch of operations and creating “noise” that would send alarms to the RMP. A more wicked though not yet technically mature option would focus on very small, mine-like unmanned underwater vehicles (UUV). These assets could be deployed covertly by submarines or by air assets. These UUV could turn into a sort of adhesive explosives that stick to boats running over them, thus rendering them dysfunctional.

Third, unmanned maritime systems could be used for deception operations. A swarm of USV could enter a theater of operation disguised as a big capital ship on the adversary’s sensors. As the adversary prepares to counter the ship the USV swarm would disperse into many different smaller platforms thus out tricking the adversarial defense posture. A similar mission can be envisaged for the underwater domain where UUV are already used to imitate the signature of submarines.

Fourth, USVs could constitute the outer ring of maritime protection missions. Robust platforms could be equipped with remote-controlled weapon stations, like the Protector USV developed by Rafael Advanced Systems, to engage incoming speed boats or flying platforms. In addition, USV could be used to deploy electronic counter-measures, for example, to jam adversarial sensors and take out communications between unmanned aerial assets and the respective control units. 

Conclusion

While some of these ideas are closer to reality than others, what matters most is that concepts and operational requirements need to drive the use of unmanned maritime systems in gray zone operations. So far, the discussion about UMS mainly focuses on providing solutions to meet the needs that emerge in naval warfare areas such as mine countermeasures, anti-submarine warfare, or anti-surface warfare. However, gray zone activities cut across all of these tasks. Adequate responses need to adopt a more horizontal approach, as well looking at the technological building blocks that can be used for all missions. Here, the most recent decision of Belgium and the Netherlands to develop a toolbox of unmanned systems for mine-countermeasures shows the way to the future. This approach could be turned into a holistic concept to deal with UMS for maritime gray zone activities.

Putting extra emphasis on innovation and concepts development also opens up avenues for fruitful cooperation with the Gulf states that step up efforts to expand their own naval capabilities while at the same time ramping up efforts to establish a local naval industrial base. Involving them from the start would make sure that specific regional requirements could be adequately addressed while at the same time contributing toward building up local technology expertise in important  areas and incentivizing the establishment of local capabilities and concepts. In the long run this joint approach could help shoulder the burden to provide maritime stability in one of the world’s most pivotal regions.

Dr. Heiko Borchert runs Borchert Consulting & Research AG, a strategic affairs consultancy.

Featured Image: A Bladerunner craft fitted with the MAST system. (Wikimedia Commons)

U.S.-China Tensions and How Unmanned Military Craft Raise the Risk of War

This article originally featured in the Nikkei Asian Review under the title, “US-China tensions — unmanned military craft raise risk of war,” and is republished with permission. Read it in its original form here.

By Evan Karlik

The immediate danger from militarized artificial intelligence isn’t hordes of killer robots, nor the exponential pace of a new arms race.

As recent events in the Strait of Hormuz indicate, the bigger risk is the fact that autonomous military craft make for temping targets – and increase the potential for miscalculation on and above the high seas.

While less provocative than planes, vehicles, or ships with human crew or troops aboard, unmanned systems are also perceived as relatively expendable. Danger arises when they lower the threshold for military action.

It is a development with serious implications in volatile regions far beyond the Gulf – not least the South China Sea, where the U.S. has recently confronted both China and Russia.

If China dispatched a billion-dollar U.S. destroyer and a portion of its crew to the bottom of the Taiwan Strait, a war declaration from Washington and mobilization to the region would undoubtedly follow. But should a Chinese missile suddenly destroy an orbiting, billion-dollar U.S. intelligence satellite, the White House and the U.S. Congress might opt to avoid immediate escalation.

“Satellites have no mothers,” quip space policy experts, and the same is true for airborne drones and unmanned ships. Their demise does not call for pallbearers, headstones, or memorial statues.

As autonomous systems proliferate in the air and on the ocean, military commanders may feel emboldened to strike these platforms, expecting lower repercussions by avoiding the loss of human life.

Consider when Chinese naval personnel in a small boat seized an unmanned American underwater survey glider in the sea approximately 100 kilometers off the Philippines in December 2016. The winged, torpedo-shaped unit was within sight of its handlers aboard the U.S. Navy oceanographic vessel Bowditch, who gaped in astonishment as it was summarily hoisted aboard a Chinese warship less than a kilometer distant. The U.S. responded with a diplomatic démarche and congressional opprobrium, and the glider was returned within the week.

U.S. Navy oceanographic gliders record temperature and salinity, and are remotely piloted from a round-the-clock operations center in Mississippi. (U.S. Navy photo)

Lately, both Chinese and Russian navies in the Western Pacific have shown themselves bolder than ever. Early in June, south of Okinawa, the Russian destroyer Admiral Vinogradov came within tens of meters of the U.S. guided-missile cruiser Chancellorsville.

In September 2018, the American destroyer Decatur conducted a freedom of navigation transit near the disputed Spratly Islands in the South China Sea; it nearly collided with a Chinese destroyer attempting to ‘shoulder’ the American vessel off its course through these hotly contested waters.

In coming years, the Chinese military will find increasingly plentiful opportunities to intercept American autonomous systems. The 40-meter prototype trimaran Sea Hunter, an experimental submarine-tracking vessel, recently transited between Hawaii and San Diego without human intervention. It has yet to be used operationally, but it is only a matter of time before such vessels are deployed.

The U.S. Navy’s nearly $3 billion ‘Ghost Fleet’ initiative aims to develop a total of 10, 2,000-ton unmanned warships. Boeing recently edged out Lockheed Martin to begin construction of four extra-large unmanned undersea vehicles, each capable of transiting twelve thousand kilometers autonomously, for $43 million.

China’s navy may find intercepting such unmanned and unchaperoned surface vessels or mini-submarines too tantalizing to pass up, especially if Washington’s meek retort to the 2016 glider incident is seen as an indication of American permissiveness or timidity.

With a captive vessel, persevering Chinese technicians could attempt to bypass anti-tamper mechanisms, and if successful, proceed to siphon off communication codes or proprietary artificial intelligence software, download navigational data or pre-programmed rules of engagement, or probe for cyber vulnerabilities that could be exploited against similar vehicles.

No doubt Beijing is closely watching how the Trump administration responds to Iran’s downing of a Global Hawk surveillance drone on June 20, assessing U.S. willingness to punch back in kind, or to escalate.

Nearly 100,000 ships transit the strategically vital Singapore Strait annually, where more than 75 collisions or groundings occurred last year alone. In such congested international sea lanes, declaring a foreign navy’s autonomous vessel wayward or unresponsive would easily serve as convenient rationale for towing it into territorial waters for impoundment, or for boarding it straightaway.

More than 4,000 AI and robotics researchers have joined an open letter advocating a ban on autonomous offensive weapons that function without human supervision, and this past March, the U.N. Secretary-General decried such machines as “politically unacceptable, morally repugnant,” and worthy of international prohibition.

Such limits or controls on artificial intelligence would be immensely more difficult to verify when compared to existing inspection regimes for nuclear missiles or centrifuges. In the meantime, urgent action is needed.

A memorandum of understanding signed five years ago by the U.S. Department of Defense and the Chinese defense ministry, as well as the collaborative code of naval conduct created at the 2014 Western Pacific Naval Symposium, should be updated with an expanded right-of-way hierarchy and non-interference standards to clarify how manned ships and aircraft should interact with their autonomous counterparts. Without such guidance, the risk of miscalculation increases.

An incident without any immediate human presence or losses could nonetheless trigger unexpected escalation and spark the next conflict.

We should fear that, much more than killer robots.

Evan Karlik is a lieutenant commander in the U.S. Navy. He served last year as a Defense Fellow in the U.S. House of Representatives. His views are his own and are in no way intended to reflect the official position of the Department of Defense or the U.S. government.

Featured Image: (Feb. 1, 2019) The Sea Hunter, an entirely new class of unmanned sea surface vehicle developed in partnership between the Office of Naval Research (ONR) and the Defense Advanced Research Projects Agency (DARPA).(U.S. Navy photo)

Why We Will Never See Fully Autonomous Commercial Ships

By Commander David Dubay, USCG

The world will never see fully autonomous transoceanic commercial cargo ships. In fact, autonomous vessels are likely to operate in only very limited situations. In recent years, the prospect of fully autonomous vessels has become a hot topic for commercial shipping. The same fast-paced advances in technology that have led to projects to automate vehicles in every other sector of the transportation industry have also found their way to the shipping industry. Advances in camera technology, sensors, electromechanical actuators, and satellite technology appear to promise a world in which ships will soon traverse the oceans without a human on board. The International Maritime Organization (IMO) and the Comité Maritime International (CMI) are already exploring how autonomous vessels would fit into the existing framework of international maritime law.

Yet, while it is laudable to plan for the future, autonomous vessels operated by computers and remote operators quite simply pose too many vulnerabilities and they likely will prove too expensive to replace today’s manned vessels. The professional merchant mariners who operate ships today are the crucial on-scene decision makers, repairmen, and physical security providers who make commercial shipping secure, efficient, and inexpensive. Once we get past the promises and hyperbole, the risk of collisions, legal liabilities, and environmental calamity will ensure that some critical number of humans will persist onboard ships. Advances in technology will continue to make shipping safer and more efficient, but they will not eventually replace the human masters and crews that serve on today’s commercial vessels.

Despite all the excitement, the benefits of autonomous ships are still very much up for debate. For shipping companies, a switch to autonomous vessels promises cost savings from not having to pay for a master and crew, and perhaps from increased safety. But scores of new operators and technicians would be required to make a system of autonomous vessels work. The equipment to automate a ship will be extremely expensive and would introduce many new potential points of failure into commercial shipping. Autonomous vessels may reduce the number of accidents caused by human negligence, however, the relative safety of autonomous vessels versus manned vessels is pure speculation at this point. Autonomous ships could potentially be more efficient if the space for the crew could be dedicated to additional cargo. But ships will still likely need to have systems and controls in place to allow them to be operated with human master and crew when there are system failures. Autonomous vessels may result in better working conditions overall in the shipping industry as they would eliminate the need to find workers to fill the many difficult and hazardous jobs at sea. But the elimination of merchant mariner jobs would be a tremendous financial blow to those workers in those jobs today.

Recent articles have proclaimed that autonomous vessels are here or just on the horizon and seem to take the adoption of autonomous vessels as a certainty. At an initial glance, the future of autonomous vessels appears very promising. For small vessels the technology that is needed to automate a vessel is here today and is available enough that even a hobbyist can build an autonomous vessel. In 2017, SEA CHARGER, a small solar powered and unmanned home-built boat successfully completed a trip from California to Hawaii using GPS and a satellite modem for guidance and connectivity. And companies in the shipping industry are already using technologies that could eventually be used to automate larger vessels. The newest vessel of the the Red and White Fleet, a San Francisco charter boat company, is a hybrid diesel electric with a 160 kilowatt lithium ion battery pack that provides enough power for the ship to do a one-hour Golden Gate cruise on battery power alone.

One present obstacle for automating larger vessels is battery technology. At the outset, today’s batteries simply do not have the energy density necessary to power larger commercial vessels. Higher capacity and more powerful electric batteries that are powerful enough to move larger ships will likely be developed in the future. However, current battery technology has limitations. Lithium ion batteries, the type used for automated vehicles and aircraft, can explode if overcharged and further, large lithium ion batteries need to be temperature controlled to work properly.

Even more challenging obstacles to the success of autonomous vessels will be the expense and complexity of designing such systems. The technical challenge of operating a large cargo ship autonomously on the open oceans for days or weeks at a time will require a command and control system that does not exist today and may be impractical to build. Seamanship and navigating a ship safely is a challenge with a full complement of crew members on board. Automated ships will require command centers, computers, advanced satellite communications systems, other electronic devices, remote operators, and other technicians. Autonomous vessels would save money by not having a crew, but shipping companies will in many cases be simply replacing merchant mariners with other workers, most likely more expensive technical workers, who will work in offices on land or will be on call to assist autonomous ships across the oceans. Shipping companies will likely need multiple redundant command centers to provide the robust level of connectivity required for the safe and secure operation of these ships.

All of this advanced technology will be very expensive and much of the expense will be the cost of designing and operating a system capable of providing the propulsion, navigation controls, and stopping power necessary to operate a ship continuously in the harsh ocean environment. Weather, wind, waves, fog, obstructions, marine mammals, salt water, weather, birds, other ships, sounds, and almost anything else imaginable is encountered out on the open ocean. An autonomous ship will require incredibly complex technology to withstand the chaos of the ocean environment and enable a ship to respond remotely to any incident or emergency. It is still an open question whether today’s controls and communications technologies are sufficiently robust and capable so as to be relied on for commercial shipping in place of a human crew.

The most serious concern regarding autonomous vessels is the one that will very likely keep them from ever being employed: the risk of exploitation by adversaries, hackers, terrorists, criminals, and other malign actors. Autonomous vessels’ dependence on the electromagnetic spectrum and cyberspace infrastructure coupled with the lack of any human on-scene responders will provide an opportunity for others to interfere with these ships and potentially use them as weapons or for profit. The challenge for system designers is that the characteristics or features that make an automated system feasible for commercial application, such as standardization, continuous communications, and periodic updates, also provide exploitable opportunities for bad actors. Autonomous commercial cargo vessels would provide too easy a target of opportunity for theft, misuse, interference, or worse.

Conclusion

Some reality must be injected into the debate over autonomous ships. It is a truism that electronic and mechanical systems will eventually fail. For vital applications where human lives are at risk such as for aircraft, system engineers design in wide tolerances, safeguards, and multiple levels of redundancy to ensure an adequate margin of safety. The challenge in designing autonomous vessels is building both a safe and secure system that will function effectively in all ocean and maritime conditions without human beings on board and one that is not capable of being exploited by bad actors. Such a system, even if possible to build, would likely be too expensive for companies to build and operate compared to human crew. As a result, autonomous vessels are extremely unlikely to displace the human network of maritime professionals that have always made the maritime transportation system safe and secure.

Commander David Dubay is a Military Professor of International Law and Associate Director for the Law of Maritime Operations, Stockton Center for International Law, U.S. Naval War College, Newport, Rhode Island. The views presented are those of the author and do not necessarily reflect the official policy or position of the U.S. Navy, U.S. Coast Guard, or the U.S. Naval War College.

Featured Image: HMM Dream (Wikimedia Commons)

Navy Culture Must Be Adapted to Fit the Information Age

By Lieutenant Commander Travis D. Howard, USN

A recent independent review of the Navy’s cybersecurity posture, completed in March 2019, was predictably harsh on our Navy’s current culture, people, structure, processes, and resourcing to address cybersecurity.1 For many of us within the Information Warfare discipline, much of this report does not come as a shock, but it does lay bare our cultural, structural, and procedural problems that the Navy has been struggling with since the turn of the century.

The 76th Secretary of the Navy, Richard V. Spencer, should be applauded for enabling open and honest dialogue on the key issues of this report by releasing it for public comment and professional discourse. The review found that the Navy was not “optimally focused, organized, [nor] resourced” for cyberwar.2 Such transparency has been the hallmark of the naval service for centuries, and is largely the reason why such robust professional forums such as the United States Naval Institute (USNI) and the Center for International Maritime Security (CIMSEC) continue to thrive.

The report was particularly critical of the Navy’s culture, stating that the Navy is “preparing to win some future kinetic battle, while it is losing the current global, counter-force, counter-value, cyberwar.”3 The report goes on to recommend that the highest levels of Navy leadership adjust the service’s cultural landscape to become more information-centric, rather than platform-centric. This excerpt is particularly vexing:

“Navies must become information enterprises who happen to operate on, over, under, and from the sea; a vast difference from a 355 ship mindset.”4

In truth, the Navy that acts as an information enterprise and the Navy that pursues the tenants of traditional naval warfare as laid out by naval doctrine are not mutually exclusive. Our drive toward a bigger, better, and more ready Navy, aligned to the National Defense Strategy, requires a naval culture ready for high-end conflict but active and engaged in all levels of conflict below lethal combat. The adoption of information enterprise core principles certainly has a place in our doctrine; in fact, it’s already there but lacks proper execution and widespread cultural adoption as a core competency across all warfare communities. Navy culture can be adapted to better fit the information age, but it will take the entire Navy to do it and not just a single community of effort.

Information is Already in our Doctrine, but Prioritization Must Improve

The 31st Chief of Naval Operations (CNO), Admiral John Richardson, released a Design for Maintaining Maritime Superiority shortly after assuming his role, and recently released an update (Design 2.0) to compliment the 2018 National Defense Strategy. The CNO put information warfare at the center of his strategic thinking, and challenged the Navy’s operational and resourcing arms to “adapt to this reality and respond with urgency.”5 But this change in the security environment wasn’t new to this CNO, in fact, it was foreseen decades ago by thinkers like CAPT (ret.) Wayne P. Hughes, a venerated naval tactician and professor emeritus at the Graduate School of Operations and Information Sciences of the Naval Postgraduate School. Early versions of Hughes’ Fleet Tactics and Coastal Combat, required reading in graduate-level naval officer training, placed information, rapid adoption of technology, and intelligence at the forefront of effective maritime operations in the modern age.6

If we’ve valued information in warfighting all along, then why are we failing to adapt our naval culture to the Information Age? The Cybersecurity Readiness Review cuts straight to the point: “… cybersecurity continues to be seen largely as an ‘IT issue’ or ‘someone else’s problem.’”7 In our haste to stand up a community of practice to do all the cyber things we, as a Navy, failed to make the necessary cultural changes that should have accompanied it.

Why hasn’t the growth of the Information Warfare Community focused the Navy’s culture appropriately? After all, creating such specialized warfare communities has always worked well in the past, as any aviator can attest to. Truthfully, the problem is bigger than just one community; the subsequent decades saw the rise of global information technology as central to nearly everything we do, and every Sailor now uses the network as a primary on-the-job resource. The loss of email, web browsing, and support systems that handle tasks from personnel to logistics can and does result in work stoppage; any assertions to the contrary, that workarounds or manual methods still exist, do not accept the reality of the situation.

Cultural change is long overdue, and just like a Marine or Soldier learns how to handle their weapon safely and effectively from day one, we must now train and mentor our Sailors to use the network in the same vein. No more can we flippantly say “we have people for that” when faced with information management and cybersecurity problems, putting effort into modernizing complex systems and enhancing Information Warfare’s lethality, while ignoring the power a single negligent user could wield to bring it all down. It’s all hands on deck now, or the Navy faces the very real possibility of fumbling the opening stages of the next kinetic fight.

Security is Already an Inherent Part of Navy Culture

The good news is that information security is already an intrinsic part of being a member of the armed forces, uniformed or civil service. Security clearances, safe handling procedures for classified information, and cryptography practices like two-person integrity have been trained into the workforce for decades. Protecting information is as much a part of our culture as operating weapons systems or driving warships.

The Navy’s training machine should find ways to leverage this existing culture of compliance to incorporate dynamic and repetitive ways to reach all Sailors at all stages of development – from boot camp to C school, from initial officer training to graduate school, focused on making each Sailor a harder target for information exploitation. Each engagement should be tailored to fit the environment and to complement subject matter: initial user training should teach how to report spear-phishing, practice OPSEC on social media (and how to spot adversarial attempts to collect against them), and recognizing unusual activity on a network workstation. A more senior Sailor in C-school might learn how to look at cybersecurity from a supervisory perspective, managing a work center and a group of network assets, and how to spot and report insider threats both malicious and negligent. An officer in a naval graduate program, such as at NPS or the Naval War College, would take advanced threat briefings on adversarial activity targeting rank-and-file users on the network, and how to incorporate such threat information into wargaming to inform the strategic and operational levels of war.

Some of these actions are already in the works, but the emphasis should be on how to engage Sailors in multi-faceted, multi-media ways, and repetition is critical. Seeing the same concept in different ways, in different case studies, reinforces better behavior. The Navy is no stranger to this training method: we are masters at repetitive drills to train crews to accomplish complex actions in combat. Reinforcement of this behavior cannot come fast enough. Incidents attributed to negligent network users are on the rise, and cost organizations millions of dollars a year.8 The Navy is no exception: category-4 incidents (improper usage) are too common.

Ultimately, the objective should be a Sailor who understands cyber hygiene and proper use of the network as a primary on-the-job tool, just as well as any Soldier or Marine knows his or her rifle. Sailors go to sea aboard complex warships with integrated networked systems that run everything from Hull, Mechanical, and Electrical (HM&E) systems to combat systems and weapons employment. The computer is our rifle, why shouldn’t we learn how to use it more safely and effectively?

Keys to Success

Cultural change is hard, but lessons learned from our past, best practices from the private sector, and good old fashioned invasive leadership (the kind the Navy does very well) can adjust the ship’s rudder and speed before we find ourselves much further in shoal water.

Top level leadership must set the conditions for success, but they have to believe in it themselves. Our Sailors can easily tell when a leader doesn’t fully commit to action, paying lip service but nothing beyond it. They are also hungry to follow a leader who has a passion for what they do. To effect change, passionate leaders need to take center stage with the authority and resources necessary to translate change into action at the deckplate level. When a Sailor sees a top-level message about a desired change, then sees that change actually happening in their workspace, it becomes real for them. Let’s also trust them to understand the threats, rather than keeping the “scary” threat briefs at the senior levels.

Successes must be celebrated, but failures must have real consequences. It’s time to get serious about stopping insider threats, specifically negligent insiders. Too often the conversation about insider threats goes to the criminal and malicious insiders, ignoring the most common root of user-based attack vectors. Our Sailors must be better informed through regular threat briefings, training on how to spot abnormal activity on the network, and clear, standardized reporting procedures when faced with phishing and other types of user-targeted attacks. Those who report suspicious activity resulting in corrective action should be rewarded. Likewise, those who blatantly ignore established cyber hygiene practices and procedures must face real consequences on a scale similar to cryptographic incidents or unattended secure spaces. This will be painful, but necessary to set our user culture right.

Effective training begets cultural change. We must take advantage of new and innovative training methods to enrich our schoolhouses with multimedia experiences that will reshape the force and resonate with our new generation of Sailors. The annual Cybersecurity Challenge should be retired, its effectiveness has been questionable at best, and replaced with the same level of rigor that we used to attack no-fail topics like sexual assault prevention. With the stand-up of a Director of Warfighting Development (N7), and the lines of effort within the CNO’s Design 2.0 rife with high-velocity learning concepts, the near-future landscape to make this sea change looks promising.9

Conclusion

The Navy has spent the better part of 30 years struggling to adopt an information-centric mindset, and the good news is that operational forces have come a long way in embracing the importance of information in warfare, and how it permeates all other warfare areas. Yet our culture still has a long way to go to break the now dangerously misguided notion that information management and cybersecurity are something that “we have people for” and doesn’t concern every non-IW Sailor. The IW Community has come a long way and can do a lot to further the Navy’s lethality in space, cyberspace, and the electromagnetic spectrum, but it can’t fix an entire Navy’s cultural resistance to change without strong assistance.

Secretary Spencer, in his letter introducing the public release of the 2019 Cybersecurity Readiness Review, noted that “the report highlights the value of data and the need to modify our business and data hygiene processes in order to protect data as a resource.”10 He highlighted that cross-functional groups were already underway to address the findings in the report, and surely the machinations of the Navy Headquarters are more than capable of making the necessary changes to the Navy’s “policy, processes, and resources needed to enhance cyber defense and increase resiliency.”11 But culture, that’s all of us, and we must be biased toward change and improvement. We are the generation of naval professionals who must adapt to this reality and respond with urgency.

Lieutenant Commander Howard is an Information Warfare Officer, information professional, assigned to the staff of the Chief of Naval Operations in Washington DC. A prior enlisted IT and Surface Warfare Officer, his last operational assignment was as the Combat Systems Information Officer aboard USS ESSEX (LHD 2) in San Diego, CA.

References

[1] The Hon. Michael J. Bayer, Mr. John M. B. O’Connor, Mr. Ronald S. Moultrie, Mr. William H. Swanson. Secretary of the Navy Cybersecurity Readiness Review (CSRR), March 2019. https://www.navy.mil/strategic/CyberSecurityReview.pdf

[2] Ibid

[3] Ibid

[4] Ibid

[5] Chief of Naval Operations, December 2018. Design for Maintaining Maritime Superiority, Version 2.0. https://www.navy.mil/navydata/people/cno/Richardson/Resource/Design_2.0.pdf. p. 3

[6] Wayne P. Hughes, 2000. Fleet Tactics and Coastal Combat. Annapolis, MD: Naval Institute Press.

[7] Bayer, et al., CSRR 2019, p. 12

[8] Security Magazine, Apr 24, 2019. “What’s the Average Cost of an Insider Threat?” https://www.businesswire.com/news/home/20180424005342/en/Research-Ponemon-Institute-ObserveITReveals-Insider-Threat

[9] CNO, Design 2.0, p. 13

[10] Secretary of the Navy, 12 Mar 2019. Letter accompanying public release of the CSRR 2019. https://www.navy.mil/strategic/SECNAVCybersecurityLetter.pdf.

[11] Ibid.

Featured Image: U.S. 7TH FLEET AREA OF OPERATIONS (Oct. 16, 2015) Operations Specialist 1st Class Keith Tatum, from Americus, Georgia, stands watch in the Combat Information Center (CIC) aboard the guided-missile cruiser USS Normandy (CG 60) during an air-defense exercise as a part of the joint exercise Malabar 2015. Malabar is a continuing series of complex, high-end warfighting exercises conducted to advance multi-national maritime relationships and mutual security. Normandy is deployed to the U.S. 7th Fleet area of operations as part of a worldwide deployment. (U.S. Navy photo by Mass Communication Specialist 3rd Class Justin R. DiNiro/Released)