US Department of Navy publishes Cyberspace Superiority Vision to guide pursuit of cyberspace superiority, improve cyber posture
The U.S. Department of the Navy (DON) released its Cyberspace Superiority Vision (CSV) to guide its pursuit of cyberspace superiority and improve cyber posture. The document identifies the need to increase resiliency and prepare to ‘fight hurt’ to survive adversary cyberattacks while laying the groundwork for developing the capable cyber forces required to strike adversaries in and through the cyber domain.
The Cyberspace Superiority Vision charts the department’s pursuit of cyberspace superiority guided by three principles – Secure, Survive, and Strike. These principles encompass the DON’s cyberspace activities across the entire competition continuum, from day-to-day competition to crisis and conflict. They are fundamental to maintaining maritime dominance and enabling sustained operations in cyber-contested environments by the Navy and Marine Corps.
It is the DON’s responsibility to ensure systems are secure, infrastructure and weapon systems are survivable, and cyber operators can strike in and through cyberspace at a time and place of the commander’s choosing.
“The principles of secure, survive, and strike build an enduring advantage for the Department of the Navy and enable our force to prevail in competition, crisis, and conflict,” wrote Christopher Cleary, DON’s principal cyber advisor (PCA), in a media statement.
The Cyberspace Superiority Vision’s principles build on objectives in the DON Chief Information Officer’s Information Superiority Vision (ISV) to modernize, innovate, and defend DON’s cyber infrastructure. The ISV and the Cyberspace Superiority Vision together serve as the DON’s framework for achieving cyberspace and information superiority.
The DON PCA’s mission is to drive excellence in DON’s cyber security, resiliency, and warfighting efforts to enable and maintain maritime dominance. The DON PCA advises senior Navy and Marine Corps leadership on all cyberspace activities annually certifies cyber budget adequacy and implements the Department of Defense Cyber Strategy.
As part of the ‘Secure’ component of the Cyberspace Superiority Vision, the document outlines strong cybersecurity for information technology, networks, data, critical infrastructure, platforms, and weapon systems is foundational to achieving cyberspace superiority. The DON requires sustained investment in dynamic cybersecurity defenses to protect our systems from attacks. This is a continuous process.
“Our adversaries – state and non-state alike – constantly innovate and develop new vulnerability exploits in our attack surface,” the DON’s Cyberspace Superiority Vision said. “We cannot neglect our vulnerabilities in the cyber domain. We envision a DON that consistently fields best-in-class cybersecurity safeguards, retains its excellent cyber talent and cultivates a professional cybersecurity and cyber warfighting culture.”
As part of its ‘Survive’ module, the Cyberspace Superiority Vision said that “we recognize that even with the most cutting edge and agile cybersecurity capabilities, cyberattacks will occur. Resiliency is key to success, and we envision a DON that can ‘fight hurt.’ This includes training our non-cyber Sailors, Marines, civilians, and contractors on sustaining operations in denied or degraded environments, improving their ability to rapidly respond and recover from attacks.”
It adds that “we will continue to institutionalize progress made on “baking in” cybersecurity to new systems during the development and acquisition process while enhancing cyber defenses for deployed platforms. We must prioritize effective cybersecurity over reduced procurement costs for mission accomplishment. The strategic environment demands it.”
For its ‘Strike’ module, the Cyberspace Superiority Vision outlined that cyberspace is a warfighting domain and critical maneuver environment. “It is unthinkable to cede the maritime, air, or land domains to adversaries without a fight, and the DON must view cyberspace in the same way. It is not enough to statically defend our systems, installations, and networks.”
“We must dynamically project power in and through cyberspace as part of integrated deterrence. That requires manned, trained, and equipped cyber forces that can defend forward, persistently engage adversaries, and deliver non-kinetic effects at speed,” the document said. “We envision a Navy and Marine Corps performing joint operations in the cyber domain and achieving cyberspace superiority at a combatant commander’s designated time and place.”
Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released voluntary and not comprehensive cross-sector cybersecurity performance goals (CPGs) to help establish a standard set of fundamental cybersecurity practices for the critical infrastructure sector. These benchmark goals will benefit small and medium-sized organizations as they kick-start their cybersecurity efforts. In addition, as they are measurable, organizations across the size and maturity spectrum will understand what actions to take and how to self-assess progress toward meeting the goals.
Related
