Pandemic Raises New Cybersecurity Concerns for Navy
An increase in telework during the COVID-19 pandemic has created new concerns about cybersecurity in the Navy, according to a service official.
Adversaries have taken note of the rise in online work, making the Defense Department a prime target, said Rear Adm. Kathleen Creighton, Navy cybersecurity division director in the office of the chief of naval operations.
“The Defense Department is a target for adversaries to attack,” she said during the Navy League’s Sea-Air-Space virtual conference. “We’ve made sure that anything we’ve done has not affected our cybersecurity standards. … All those capabilities are still in play, so there’s been no relaxation of any defenses.”
The service is crafting new teleworking policies to prevent attacks, Creighton noted. For example, the Navy is working on secure ways to renew expired common access cards, better known as CAC cards, which enable personnel to access Defense Department facilities and information systems.
“We’re telling people what’s allowed, what’s not allowed,” she said. “The main thing is we want to make sure that people are able to stay safe, work remotely and still be able to perform our mission.”
Additionally, the Navy has had to boost the capacity of end user devices such as laptops, mobile phones and virtual private network servers, she said. The increase in teleworking has led to bottlenecks in the network, meaning that there is stoppage from the larger number of users. The issue requires an expansion in supporting circuitry, she noted.
Before COVID-19 hit, on any given day, probably only a few thousand people accessed the Navy’s network remotely, she said. That number has grown to 150,000 or more.
The pandemic is also pushing the service to roll out new capabilities faster, she said. For example, the crisis has highlighted the need to switch to Microsoft 365 as soon as possible.
“We want to go faster with the rollout of Office 365, but we recognize that we’re going to need something temporary for the pandemic response,” she said.
However, the service must ensure that it provides sailors with devices that are easy to use while maintaining cybersecurity, she noted.
“We just have to very closely balance those two things — the need for collaboration and productivity with the need for security, and so we do that under the direction of U.S. Cyber Command and our service cyber component, Fleet Cyber Command,” she said.