Download 2019 Cybersecurity Readiness Review - Secretary of the Navy Book in PDF, Epub and Kindle
This 2019 report is in response to the request of the Secretary of the Navy to conduct an independent Cybersecurity Readiness Review following the loss of significant amounts of Department of the Navy data. Attached are the findings of that review along with specific recommendations for your consideration as you determine the way ahead for the nation's Navy. The review examined cybersecurity at the governance layer and identified five critical pillars key to cybersecurity readiness: culture, people, structure, processes, and resources. The team interviewed dozens of senior military leaders as well as Chief Executive Officers, Chief Operating Officers, Chief Information Officers, and Chief Information Security Officers from several Fortune 500 companies with deep experience in implementing successful cybersecurity measures following significant incidents of their own. We identified best-practices in both government and private sector organizations who are demonstrating success in contending with cyber threats.This compilation includes a reproduction of the 2019 Worldwide Threat Assessment of the U.S. Intelligence Community. Scope and Methodology * Chapter 1: Introduction * Economic Security, National Security, and Cybersecurity * The Eroded Military Advantage * The Department Today * DIB Observations and Vulnerabilities * What Follows * Chapter 2: Culture * The Role of Culture as a Governance Tool to Achieve Cybersecurity * Culture Best Practices * State of Today's Naval Service Culture * Culture Recommendations * Chapter 3: People * The Role of People as a Governance Tool to Achieve Cybersecurity Resiliency * People Best Practices * State of Today's Naval Service People * People Recommendations * Chapter 4: Structure * Role of Structure as a Governance Tool to Achieve Cybersecurity Resiliency * Structure Best Practices * State of Today's Naval Service Structure * Structure Recommendations * Chapter 5: Process * The Role of Process as a Governance Tool to Achieve Cybersecurity Resiliency * Process Best Practices * State of Today's Naval Service Process * Process Recommendations * Chapter 6: Resources * Resources Best Practices * State of Today's Naval Service Resources * Resources Recommendations * Final ThoughtsIn time, this era's opponent will overmatch our nation in manpower, industrial capacity, intellectual capital, and eventually financial resources. We, not they, stand to become the near-peer. Given this relative erosion of US dominance over time, every differentiating idea or intellectual product gained or lost is material. More importantly, in the years to follow, it will have compounding effects in advantage or disadvantage. That reality demands every bit of relevant intellectual property (IP) must be defended, but the relevant IP to be protected must expand beyond what we now protect, to that which our rivals want.The failure to protect Navy and Marine Corps information systems and IP is an existential threat to their existence. To the extent the Department of the Navy (DON) assesses its performance in this realm, it judges itself against and ahead of the private sector and its sister services. We do not believe either to be true. The DON should be assessing itself against the best of the private sector and its global rivals. We find the DON preparing to win some future kinetic battle, while it is losing the current global, counter-force, counter-value, cyber war. Knowing and acting on that new reality is essential for the DON. The Secretary of the Navy was correct to question if the current cybersecurity governance structure was optimally focused, organized, and resourced. We find it is not. What follows are best practices and solutions that can put the DON on the right path. Getting this right and underway can only be done by those who govern the Navy and Marine Corps.
