US Navy is Struggling to Counter Supply Chain Cyber Threats
The US Navy remains the most advanced naval service on the planet, which also makes it a prime target for nation state cyber actors deriving from the likes of China, Iran, and Russia. However, US Navy Secretary Richard Spencer recently shared some troubling words when describing the navy’s current cyber defenses; “We are woefully behind.” This worrying statement came directly from the mouth of the US Navy’s top civilian leader on 23 October 2019, while offering a grim albeit positive outlook on the US Navy’s current cyber defense program and how he intends on improving the naval service capabilities. Foremost, Spencer discussed his plan to establish an entirely new Chief Information Officer (CIO) position (Aaron Weis) who will be responsible for a least four directorates, all of which will be dedicated to modernizing the US Navy’s overall cyber defense capabilities. Earlier this summer, US Naval leadership conducted a “shake-up” at the senior level and created a new position - special assistant to the secretary who will oversee all cybersecurity for the Navy.
Another issue that concerns Secretary Spencer and newly appointed CIO Aaron Wise is how to protect the supply chain. Maintaining a strong relationship with tier 1 suppliers is critical, but Wise also noted that tier 2 and tier 3 suppliers are most vulnerable to compromise - a reality that was recently highlighted in the recent Navy Cyber Readiness Review. This is where the newly created Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) comes into play, as all defense suppliers will need to be certified under the new framework in order to conduct business with the DoD.