“You’re never going to have an impenetrable network, that is a fool’s errand. You will have the ability to fight through the hurt, and that’s where we focus our effort in the Navy,” she said during a panel discussion at the annual C4ISRNET Conference on May 3. That ability will often require nontechnical solutions.
“That involves making sure commanders — operational commanders — understand: What is our no-fail mission? Not our cyber mission — our no-fail mission,” such as missile defense or disaster relief, Barrett explained. “Then: What’s the cyber key terrain that supports that mission and needs to be 100 percent reliable or resilient in a way that you can operate through hurt?”
Once those areas are identified, a mature cyber support team should have plans in place for any eventuality, including total loss of the network. That also includes making sure commanders understand what resiliency should mean to them.
“It could mean: Today, you don’t have your network, not for a couple hours during an exercise. But what if you don’t have any for a month? And you’ve built all your processes around being reliant on your data that way?” Barrett said. “How are you then employing processes that are not technology to work around that and get your no-fail mission done without your network?”
“By identifying our cyber key terrain, we’re able to identify where to put our resources and where to put our highest levels of readiness to support those no-fail missions. For us in Navy, that’s been a big emphasis.”