On August 4, 2022, Secretary Del Toro released a Strategic Intent for Cyber Ready memorandum that provides guidance for transforming the Department of the Navy’s approach to cybersecurity by pivoting from a compliance mindset to a dynamic model rooted in the philosophy of readiness and currency. This shift to a preemptive and active Cyber Ready state builds on the DON’s Information Superiority Vision, and will improve the DON’s cyber defenses while also speeding the process of acquiring cyber secure systems.
Cyber Ready is a continuous state of cybersecurity awareness, where the right to operate is earned and managed every day. A Cyber Ready posture ensures secure delivery of information into the right hands at the right time, through the acquisition and deployment of systems that are designed to be cyber secure.
To transition from the current compliance-based approach for cybersecurity to Cyber Ready, DON will pursue the following seven lines of effort (LOEs):
- Cyber Metrics: Measure cybersecurity holistically with a risk and readiness Zero Trust mindset.
- Build on Risk Management Framework (RMF) Reform: Accelerate the Authority to Operate (ATO) process with automation and leverage inheritance models to reduce the allocated control sets that programs are responsible and accountable for.
- Cyber Currency: Move to an ongoing ATO that is maintained through Cyber Currency.
- Adversarial Assessment: Adopt a “trust but always verify” mindset (leverage automated penetration testing, audits, and data from continuous monitoring).
- Data Analytics: Democratize insight by providing visibility into the Cyber Ready posture to those who need to know the risks they are assuming.
- Acquisition Changes: Provide programs the tools to develop systems that are “born” Cyber Ready and remain ready through Cyber Currency.
- Workforce: Deliver ongoing training to keep the acquisition and cyber workforce informed on the current processes and tools.
Within 30 days of this memo, the DON Chief Information Officer (CIO), Deputy Assistant Secretary of the Navy for Information Warfare and Enterprise Services, and DON Deputy CIOs for both the Navy and Marine Corps will appoint leads and supporting organizations for each of the LOEs.