At the 2019 AFCEA WEST conference, Naval, Marine and Coast Guard leadership, government officials, and industry representatives gathered to discuss challenges and potential solutions that can ensure the Navy’s ongoing capability to meet their mission and protect vital U.S. interests.
Technology is at the foundation of many of the Navy’s plans; at WEST, certain themes came up again and again, according to Tim Smith, senior director of civilian government and federal systems integrators for SolarWinds. “Incorporating DevOps and SecDevOps into their operational mantra is certainly something we heard repeatedly,” Smith said. He explained that many of the Navy officials he heard from said that it takes too long to deliver applications that need to be supported for the warfighter. DevOps and the technologies that support and surround it, he explained, are critical to shortening that cycle.
SolarWinds Senior Federal Sales Engineering Manager, Omar Rafik, said that a top Navy priority discussed at the show was related to an obvious, but difficult challenge: the disconnected nature of ships at sea. “The inability to monitor ships from a remote location came up quite often,” he said. “Ships only connect for a few moments at a time, when they get good satellite signal. But for the most part they’re disconnected for long periods of time, and that means no access to what’s going on onboard the ship.” Rafik said resolving this issue is critical for the Navy, and the industry is focused on coming up with a solution.
Of course, cybersecurity for government agencies is an essential part of any discussion of the DoD’s current and future plans. At WEST, the conversation was focused on both technology and the human side of security.
At a panel discussion on how to “leverage information to win the multi-domain fight,” Smith said the panelists—Navy Admirals and Marine and Army Generals, were straightforward about the need for cooperation and collaboration, while also maintaining the utmost security. Several panelists referred to the OODA loop, the cycle of “Observe-Orient-Decide-Act.” It was in this context, Smith explained, that the panel noted, “We need to observe, we need to orient, we need to decide, we need to act, but we also have to have security across that multi-domain fight.”
At the same time, the Navy is dealing with many of the same security issues found elsewhere, not just in DoD, but in civilian government and the commercial world. “One thing we hear about a lot, and this conference was no exception, is the issue of insider threats,” Rafik said. “It’s the number one thing that keeps IT professionals up at night, as we’ve seen in surveys that SolarWinds has done.” But it’s not necessarily malicious insiders that are the problem; Rafik pointed to insider threats due to carelessness and the lack of training as a major recurring issue.
Smith pointed out another human factor in the security equation. “Like other branches of the military, the Navy faces constant turnover. So how do you make sure that the person that had elevated access on a ship or on a shore facility, who’s now transferred out, has their privileges disabled while the new person is enabled? And how can you report on that?” Network and access rights management tools, supporting a rigorous strategy and process, can be brought to bear on this thorny issue.
What this means for Navy leadership is, as always, a juggling act. While dealing with the day to day of supporting the fleet and personnel dispersed around the world, they must also look at the need for digital transformation.
“What I heard at WEST is, going back to my earlier comment about DevOps and SecDevOps, that the Navy is trying to be much faster,” Smith explained. “They’re trying to do tech refreshes every 12 to 18 months.” And, while some of the challenges are tech-related, there is also the challenge of getting things acquired, he explained. Still, Smith said, the outlook is positive. “Essentially, they want to accelerate adaptation of new technologies so that they can support the warfighter.”