NATIONAL HARBOR, Md. — The U.S. Navy has framed cybersecurity incorrectly for years and is now chipping away at a new approach that better suits the contemporary environment, the service’s chief information officer said Tuesday.
“I have made the assertion now, publicly, multiple times. You may have heard me say it. But I believe that the way that we view cybersecurity in the Department of Navy is wrong,” Aaron Weis said at the Sea-Air-Space conference. “We view cybersecurity as a compliance problem, and it is most definitely not a compliance problem.”
Instead, Weis explained, cybersecurity should be treated like the broader concept of military readiness. A more holistic lens would emphasize active cyber management — considering a range of factors — and could inch away from red tape, audits and boxes that need checking. Essentially, traditional assessments of equipment, logistics, training and personnel, among other things, could find their equal in the digital domain.
“We have 15 years of track record that proves that the current approach to cybersecurity, driven by a checklist mentality, is wrong,” Weis said. “It doesn’t work.”
Sailors and other military officials were warned in February they were targets for cyberattacks amid troubled Sino-U.S. relations and Russia’s invasion of Ukraine.
Source: Defense News