Just like in workplaces and industries all across the country, the coronavirus pandemic has led to dramatic changes in how the military conducts its daily business and has forced the rapid and widespread adoption of remote work policies by hundreds of thousands of personnel.
As one example, Navy telework capacity, which might have consisted of a few thousand people per day accessing the network remotely before the COVID19 outbreak, has ramped up exponentially—in a matter of weeks—to accommodate the 150,000 Navy personnel who are now logging in remotely via Virtual Private Network (VPN).
It’s “really an amazing story,” Rear Admiral Kathleen Creighton, the Navy Cyber Security Division Director, remarked via livestream during the recent Virtual Sea-Air-Space conference. “I’ve been in the Navy for 32 years. I’ve never worked from home, not one day,” underscoring that for many of these workers, the remote work experience is “brand new.” And a novel challenge for the sea service.
However, just like every organization that has had to make a similar shift, the Navy needs to now deal with the new security challenges that arise when VPN access and other remote work considerations become such important keystones in an organization’s ability to work effectively. Namely, when a lightly used network capability becomes absolutely mission critical overnight, the change presents malicious actors with a new attack vector, and that can have severe repercussions for any organization.
The challenge facing Navy telework capacity though, is that it is not just any other organization. “The Navy is America’s away force,” RADM Creighton reminded us, and its job is to operate at the tactical edge, confronting the life-and-death threats to our nation’s security, day in and day out.
And while civilian organizations rightly need to be concerned about fortifying their cyberdefenses to safeguarding the valuable information therein, Navy cybersecurity needs are compounded by the fact that to secure the Navy infrastructure means securing—in addition to sensitive and classified information—weapons systems which are increasingly network connected.
What’s more, RADM Creighton warned, “our adversaries in cyberspace know that we’re doing business differently, and they’re responding in kind.”
“Our adversaries in cyberspace know that we’re doing business differently, and they’re responding in kind.”Rear Admiral Kathleen Creighton, Navy Cyber Security Division Director, Office of the CNO
To answer these challenges, the timeline on the Navy’s network modernization priorities has accelerated dramatically as the Navy telework infrastructure has had to “flex” its muscles under the strain of COVID19.
The keys, according to RADM Creighton, has been assessing where the network bottlenecks are, increasing software licenses when necessary, and ensuring that the same standard of security is preserved, even as the network needs to accommodate such a spike in usage.
“There’s been no relaxation in defenses,” RADM Creighton assures us. “We basically have made sure that anything that we’ve done has not relaxed our cyber security standards.”
To learn more about the vulnerabilities inherent in remote working and VPN adoption, click HERE.
Featured image courtesy of U.S. Navy, taken by Petty Officer 1st Class Diana Quinlan