Chief of Naval Operations Admiral John Richardson recently summed up the current cyber threat environment: "The threats reach well beyond what you would consider a traditional computer or information technology network into the control systems, and indeed almost every aspect of our lives and of our Navy mission."
Instead of attempting to address every possible weakness in its cyber defenses, the Navy is executing a cyber resilience strategy that will enable it to "fight through" the inevitable compromises.
Cyber resilience is like shipboard damage control. If a ship is hit, the crew quickly determines what has been damaged, isolates the damage, makes repairs, implements work-arounds and continues fighting. If there are weaknesses in the Navy's defenses, its networks and computers can be compromised by attackers with relatively limited resources. Cyber attackers only have to be successful once to do significant damage; we cannot afford to make any mistakes.
But you can make a difference.
By following cybersecurity policies, directives and best practices you can help keep the Navy secure. It's an all hands effort, like damage control on a ship.
Sailors should take the following precautions:
Editor's note: Information was compiled from Office of the Deputy Chief of Naval Operations for Information Warfare, Navy Cyber Defense Operations Command and Navy Information Forces Public Affairs.
- Don't take the bait - Always verify the sources of emails and the links in emails. If you're directed to a site for an online deal that looks too good to be true, it probably is.
- When in doubt, throw it out - Don't open suspicious links in emails, tweets, posts, messages or attachments, even if you know the source.
- Don't connect unauthorized devices to Navy networks - Don't connect unauthorized devices, such as thumb drives and cell phones, to your computer. Unauthorized devices may contain software that can allow an attacker inside the Navy's network.
- Remove your CAC - Remove your common access card (CAC) or lock your computer when you're not using it. Don't make it easy for an inside attacker to access data on your computer by leaving it unlocked when you're away.
- Use a better password - Don't use easily guessed or weak passwords, and safeguard them so they can't be stolen.
- Safeguard your personally identifiable information (PII) - Attackers can use information they've obtained about you to appear legitimate so they can trick you into surrendering data they need to breach our networks and systems.
- Don't use P2P programs - Don't use peer-to-peer (P2P) file sharing programs. These programs can spread bad software inside the Navy's network defenses.
- Stay on known, trusted websites - Use websites that have a reliable reputation and are secure.
- Don't use systems in unauthorized ways - The Navy has established policies to protect itself from compromise. Don't put others at risk by using systems in ways that aren't authorized, such as accessing inappropriate websites or downloading unauthorized applications.