The National Academies Press

Currently Skimming:

Summary
Pages 1-11

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 1... ... Because of the forward posi tioning of both the Navy's afloat and the Marine Corps expeditionary forces, IA issues for naval forces are exacerbated, and are tightly linked to operational success. Broad-based IA success is viewed by the NRC's Committee on Information Assurance for Network-Centric Naval Forces as providing a central underpinning to the DOD's network-centric operational concept and the Department of the Navy's (DON's) Read the entire page →
From page 2... ... While the study identified many positive naval IA efforts currently underway, it also identified the following areas where new, coordinated IA-focused efforts will be required in order for the naval forces to achieve important levels of risk reduction: • Doctrine development, operational procedures, and operational exercises to provide resilience against successful information system attacks; • Technology research, development, and deployment -- including system architecture research; • Education and training for all naval personnel and the development of specialized career paths; • Intelligence gathering and assessment; • The IT acquisition process; • Risk analysis methods for prioritizing investments; • Dynamic and adaptive network and system reconfiguration; and • Network and system monitoring. The report addresses each of the above areas and related issues associated with information assurance and cyberdefense -- issues that in many cases are very intertwined and have impact across the entire spectrum of DON and DOD enterprises. Read the entire page →
From page 3... ... and Secret Internet Protocol Router Network (SIPRnet) security, elements of updated potential cyber concepts of operations (CONOPS; including the integration of offense-defense into cyber operations) Read the entire page →
From page 4... ... This study offers the following three major findings and recommendations that are related to this issue. Update IA Operational Doctrine Major Finding 1: Naval operations are highly dependent on information derived through all networks, including the Non-Classified Internet Protocol Router Network (NIPRnet) Read the entire page →
From page 5... ... Major Recommendation 3: In order to provide the appropriate level of information assurance, the Office of the ASN(RDA) should adopt and manage system developments using sets of IA principles that are explicitly specified and required to be incorporated into the naval forces enterprise architecture, including specifi cally addressing the IA requirements of service-oriented architectures. Read the entire page →
From page 6... ... This study offers the following four major findings and recommendations that are related to this issue. Eliminate Shortcomings from Current IA Initiatives Major Finding 4: The Department of the Navy has underway a diverse set of IA initiatives that are representative of best commercial IT practices. Read the entire page →
From page 7... ... Major Recommendation 5: The Director, Naval Intelligence, in collaboration with the Defense Intelligence Agency and national intelligence organizations, should support cyber risk analysis by collecting and analyzing all source intelligence to improve the Department of the Navy's understanding of adversaries' mission intent, strategy, and tactics and to illuminate how these could impact the ability of the Navy and Marine Corps to accomplish their missions and objectives.11 Also, threat and risk analysis, specifically including CONOPS and operational capabilities of adversaries, should be shared across the many Navy and Marine Corps organizations with significant dependencies on information assurance. Standard scenarios and measures of effectiveness should be used by organizations responsible for information assurance. Read the entire page →
From page 8... ... The Navy should focus its research efforts on addressing capability gaps specifically related to the needs of naval forces that are not being sufficiently addressed elsewhere. Concurrently, the Office of Naval Research should develop a rapid technology 12 Major finding and recommendation 6 are found in the subsection entitled "Existing Naval Research and Development and Acquisition Processes" in Chapter 4. Read the entire page →
From page 9... ... In particular, the Department of the Navy does not appear to be aggressively considering and assessing alternatives to gain greater IA advantages through such integration. Major Recommendation 8: The Office of the CNO and the Office of the CMC should consider approaches for reducing the separation and enhancing the inte gration across emerging offense, defense, and intelligence organizations related to IA.14 13 Major finding and recommendation 7 are found in the subsection entitled "Current Naval Information Assurance Research and Development Budget" in Chapter 4. Read the entire page →
From page 10... ... . Since cyber-related technology continues to evolve rapidly, the cyber workforce program for naval forces should also include measures to continuously modern ize the Navy and Marine Corps training and education curriculum, including the development of formal relationships with universities and external advisers for guiding and supporting naval needs in cyber education and training.16 Adopt New Naval IA Organizational Structure Major Finding 10: The governance of information assurance is widely distributed across naval forces, with many parties playing roles, resulting in many governance seams. Read the entire page →
From page 11... ... However, the committee believes that several of the major recommendations can be acted on with minimal additional capital or operating expenditures. Owing to the immediacy of the issues involved with information assurance for naval forces, the committee urges the consideration of all recommendations in a timely fashion. Read the entire page →

From page 1...

... Because of the forward posi tioning of both the Navy's afloat and the Marine Corps expeditionary forces, IA issues for naval forces are exacerbated, and are tightly linked to operational success. Broad-based IA success is viewed by the NRC's Committee on Information Assurance for Network-Centric Naval Forces as providing a central underpinning to the DOD's network-centric operational concept and the Department of the Navy's (DON's)

Read the entire page →

From page 2...

... While the study identified many positive naval IA efforts currently underway, it also identified the following areas where new, coordinated IA-focused efforts will be required in order for the naval forces to achieve important levels of risk reduction: • Doctrine development, operational procedures, and operational exercises to provide resilience against successful information system attacks; • Technology research, development, and deployment -- including system architecture research; • Education and training for all naval personnel and the development of specialized career paths; • Intelligence gathering and assessment; • The IT acquisition process; • Risk analysis methods for prioritizing investments; • Dynamic and adaptive network and system reconfiguration; and • Network and system monitoring. The report addresses each of the above areas and related issues associated with information assurance and cyberdefense -- issues that in many cases are very intertwined and have impact across the entire spectrum of DON and DOD enterprises.

Read the entire page →

From page 3...

... and Secret Internet Protocol Router Network (SIPRnet) security, elements of updated potential cyber concepts of operations (CONOPS; including the integration of offense-defense into cyber operations)

Read the entire page →

From page 4...

... This study offers the following three major findings and recommendations that are related to this issue. Update IA Operational Doctrine Major Finding 1: Naval operations are highly dependent on information derived through all networks, including the Non-Classified Internet Protocol Router Network (NIPRnet)

Read the entire page →

From page 5...

... Major Recommendation 3: In order to provide the appropriate level of information assurance, the Office of the ASN(RDA) should adopt and manage system developments using sets of IA principles that are explicitly specified and required to be incorporated into the naval forces enterprise architecture, including specifi cally addressing the IA requirements of service-oriented architectures.

Read the entire page →

From page 6...

... This study offers the following four major findings and recommendations that are related to this issue. Eliminate Shortcomings from Current IA Initiatives Major Finding 4: The Department of the Navy has underway a diverse set of IA initiatives that are representative of best commercial IT practices.

Read the entire page →

From page 7...

... Major Recommendation 5: The Director, Naval Intelligence, in collaboration with the Defense Intelligence Agency and national intelligence organizations, should support cyber risk analysis by collecting and analyzing all source intelligence to improve the Department of the Navy's understanding of adversaries' mission intent, strategy, and tactics and to illuminate how these could impact the ability of the Navy and Marine Corps to accomplish their missions and objectives.11 Also, threat and risk analysis, specifically including CONOPS and operational capabilities of adversaries, should be shared across the many Navy and Marine Corps organizations with significant dependencies on information assurance. Standard scenarios and measures of effectiveness should be used by organizations responsible for information assurance.

Read the entire page →

From page 8...

... The Navy should focus its research efforts on addressing capability gaps specifically related to the needs of naval forces that are not being sufficiently addressed elsewhere. Concurrently, the Office of Naval Research should develop a rapid technology 12 Major finding and recommendation 6 are found in the subsection entitled "Existing Naval Research and Development and Acquisition Processes" in Chapter 4.

Read the entire page →

From page 9...

... In particular, the Department of the Navy does not appear to be aggressively considering and assessing alternatives to gain greater IA advantages through such integration. Major Recommendation 8: The Office of the CNO and the Office of the CMC should consider approaches for reducing the separation and enhancing the inte gration across emerging offense, defense, and intelligence organizations related to IA.14 13 Major finding and recommendation 7 are found in the subsection entitled "Current Naval Information Assurance Research and Development Budget" in Chapter 4.

Read the entire page →

From page 10...

... . Since cyber-related technology continues to evolve rapidly, the cyber workforce program for naval forces should also include measures to continuously modern ize the Navy and Marine Corps training and education curriculum, including the development of formal relationships with universities and external advisers for guiding and supporting naval needs in cyber education and training.16 Adopt New Naval IA Organizational Structure Major Finding 10: The governance of information assurance is widely distributed across naval forces, with many parties playing roles, resulting in many governance seams.

Read the entire page →

From page 11...

... However, the committee believes that several of the major recommendations can be acted on with minimal additional capital or operating expenditures. Owing to the immediacy of the issues involved with information assurance for naval forces, the committee urges the consideration of all recommendations in a timely fashion.

Read the entire page →

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

Summary Pages 1-11

Summary
Pages 1-11