Navy Beefing Up At-Sea Enterprise Network
SAN DIEGO — The Navy is working to make its enterprise networks more agile and easily updated as the service prepares for future multi-domain conflict with near-peer competitors, officials said.
Rear Adm. Christian “Boris” Becker, Space and Naval Warfare Systems Command commander, said that the service should feel “a renewed sense of urgency” as Pentagon leadership calls for a pivot to great power competition with countries including Russia and China.
“The fact that we need to be ready for war next week does not mean we take our eye off the ball or let the ball drop” with regard to creating long-term capabilities, he said in an interview with National Defense. “Rather, you should not waste your time today.”
Conflict already exists within the cyber world, he added. “Whether it’s criminal activities or potentially other [malicious] activities, we have to be ready for those sorts of things today.”
The Navy is moving forward with developing its next-generation tactical afloat network, which will enable the service to better streamline its technology for information warfare, Becker said. The consolidated afloat networks and enterprise services, or CANES, program will combine legacy shipboard, submarine and shore-based command, control, communications, computers and intelligence, or C4I, network systems into one entity to increase capability and affordability across the fleet, according to the service.
“We have got to … turn CANES into the information warfighting platform,” Becker said at the annual WEST conference in San Diego co-hosted by the Armed Forces Communications and Electronics Association and the U.S. Naval Institute.
Northrop Grumman won the full-deployment production contract in 2014. The indefinite-delivery/indefinite-quantity multiple award contract has a potential value of $2.5 billion over eight years, according to the company. The Navy anticipates that the systems will be operational across the fleet by 2023.
CANES will be installed on all Navy platforms, including ships, submarines and land sites. The program will eliminate many legacy standalone shipboard networks and provide a common computing environment for a range of C4I applications, according to Northrop Grumman. This will help strengthen the network infrastructure, improve security, reduce its existing hardware footprint and decrease total ownership costs.
CANES will provide “the infrastructure and services required for the Navy to dominate the cyber warfare domain,” said Rear Adm. Brian E. Luther, deputy assistant secretary for the Navy for budget, during a briefing with reporters on the fiscal year 2019 presidential budget request. Service documents include over $477 million for CANES-related work in 2019.
The program is currently in full-rate production, and the system has been installed on 66 platforms so far, said Capt. Kurt Rothenhaus, program manager for the Navy’s tactical networks program office.
Industry partners can help the service enhance CANES’ cyber resiliency with tools that will help sailors operate the system in highly contested environments, Rothenhaus said in an interview.
“We’re looking for those kinds of training opportunities — how do we better prepare them for what is a very dynamic and challenging cyberspace,” he said. “We are always looking at cutting-edge tools that help us both understand the status of the network to be able to see where activity is anomalous to the baseline, and really leverage some of the advances in machine learning and other technologies.”
Implementing the new CANES system is key to helping the Navy better control its network configurations, and better understand “what our networks look like to us … [and] to a potential adversary,” Becker said.
The program would enable the Navy to update various applications owned by program executive offices across the service at a faster rate, he added.
“We need to move at [the program offices’] pace to support their fleet mission and still provide the cybersecurity [and] provide services,” he noted.
SPAWAR is also involved with Navy-wide efforts to move its networks into the cloud, Becker said. Deputy Secretary of Defense Patrick Shanahan spoke of the department’s cyber vulnerabilities at the WEST conference, and Pentagon leadership has called for greater investment in cloud technologies across the services.
“The cloud provides many advantages for us — elasticity, ability to maintain large stores of data, the ability to have analytics” of that data, Becker said. “That technology can enable us to execute our mission more effectively and more efficiently.”
The Navy’s cybersecurity efforts involve every part of the service, from engineers to contractors, and even its legal counsel, he noted. “It takes all of our competencies, logistics, program management, engineering. It takes … [an] integrated product team approach to understand how best to move our Navy into cloud technologies.”
But the service will need an assortment of new tools to ensure its systems are more agile, adaptable and easily managed. Various companies are offering products that can help the Navy and other federal customers streamline their networks and automate tasks to lighten sailors’ responsibilities.
Galois, a Portland, Oregon-based computer science research-and-development company, was recently awarded a $2 million contract with the Office of Naval Research to build an open-source tool that could ease the design process for complex cryptographic algorithms.
The cryptographic analysis, verification, exploration and synthesis, or CAVES, contract could help verify the correctness of cryptographic software, a key factor in cybersecurity and privacy, said Aaron Tomb, research lead in software correctness at the company.
The CAVES program employs automated reasoning to identify central problems in cryptographic designs early in the design phase, he said. “If you’re exploring a wide variety of possible algorithms … you will quickly rule out the ones that might have security issues,” he added. “You get the benefits of higher security and lower effort in a combined package.”
The two-year small business innovation research program is being developed as an open-source project, Tomb said. “Anybody who is interested could start using the current capabilities right now and continue to monitor it.”
The team is testing the new technologies as they are developed, he added. “We’re really trying to take a much more agile approach where all of those [milestones] are integrated together, and the tools just gain capabilities over time in fairly small increments.”
The cybersecurity landscape has been evolving over the past few years, Tomb noted. The world overall is more dependent on computer systems, and potential adversaries are exploiting that to a greater degree than in the past, he said.
“I think now that [as] more and more critical infrastructure really depends on computer systems and is connected to the internet, it has become a very obvious attack factor,” he added.
In past years, manufacturers may have underestimated the importance of developing software with security in mind from the start, but automated reasoning techniques, such as those used in the CAVES program, are being increasingly employed to help improve the quality of software, he said.
Hardware designers must also work to bake security into their systems from the beginning, said Chris Ciufo, chief technology officer for General Micro Systems, a Rancho Cucamonga, California-based computer technology company.
“The biggest challenge from a technology standpoint is for the designers of these systems … to look beyond the requirements of what they’re designing,” he said. “They’re designing a display system [and] they think, ‘I have a display that has to be this size, that has to have this resolution and these many colors.’ … They need to have security in their mind all of the time, and to do safe coding practices that are secure [and] safe hardware design practices.”
GMS has built a secure storage server that keeps classified and unclassified networks completely separate within its architecture. The Hurricane S1U401-SHS secure high-speed storage service includes isolated ports that could allow sailors to keep both networks segregated from one another, Ciufo said.
“We have architected these ports in such a way that every single one of the wires that comes out of the Ethernet goes to a separate console, person or node in the ship,” he said. “None of the nodes are connected together, except at this box.”
A typical Ethernet network would combine several ports together, allowing multiple users’ traffic to cross when they access the internet.
“These paths never cross. They are individually connected to the processor system, one at a time,” Ciufo said. “They have individual addresses. They are separate from one another electronically [and] software-wise, and it requires a different way of architecting the system.”
The Hurricane server’s compact size also allows the Navy to save physical space while keeping the networks separate, he noted. It can operate in temperatures from negative 4 degrees to over 167 degrees Fahrenheit.
It also includes removable cartridges that “[encrypt] storage on the fly,” he said. That allows a user to pull the cartridge out and move it to another station while the data remains secure, he added.
The server comes with two cartridges each supporting up to 128 terabytes of mass storage over eight drives. Should any one drive or group of drives fail, redundancies can be built in so that the data is protected, encrypted and recoverable, according to the company.
“You can walk down the street with this cartridge with classified data … and you can’t break into it,” he said.
The server could be used for Navy and Marine Corps shipboard operations centers and command-and-control systems, as well as for other service networks that require secure but compact and rugged hardware, Ciufo said.