A New Mindset for Cybersecurity and Capability Delivery
The conversation around cybersecurity often revolves around finding a balance between security and user experience. However, Jane Rathbun, the chief information officer of the Department of the Navy, recently suggested that in situations where security and innovation are concerned, striking a balance might be the wrong approach.
Rathbun emphasized during an AFCEA West panel that when it comes to balancing innovation with cybersecurity, the correct mindset is not a balance between the two, but rather a "yes-and" approach. This means that innovation should always consider cyber operations in mind, and that building a culture of cybersecurity is essential.
The Navy's CIO emphasized the importance of zero-trust principles in all aspects of capability development. This includes understanding who is accessing data, from which device and classification level, and what the risk to the data might be.
Considering the Threat Perspective
Lt. Gen. Melvin "Jerry" Carter, deputy commandant for information for the Marine Corps, suggested that starting with a threat perspective when developing new capabilities is crucial. The rapid advancement of cyber adversaries necessitates an ever-present threat perspective in capability development.
Rethinking the Capability Development Process
Rathbun proposed rethinking the entire process for new capabilities, emphasizing the need for all stakeholders to be involved from the outset. She advocated for a more collaborative approach that brings together operators, acquirers, resource sponsors, requirements representatives, and industry partners.
This would allow for iterative experimentation, early feedback, and an environment where it's okay to fail. Rathbun stressed that this approach is necessary because too often systems do not meet cybersecurity requirements when they're fielded – 50% of their systems, according to her estimates.
Putting the Operator First
R. Adm. Vince Tionquiao suggested considering how capabilities will eventually be used and maintained by operators and maintainers. This includes thinking about how to automate, provide dashboards and triggers for necessary information, and simplify end-to-end architecture.
Tionquiao emphasized the importance of iterative experimentation, allowing for feedback and failure in a safe environment. This approach can help ensure that capabilities meet the needs of warfighters while also being secure and effective.
A Collaborative Approach to Capability Delivery
The Department of the Navy's new mindset on cybersecurity and capability delivery emphasizes collaboration between operators, industry partners, and all stakeholders involved in the process. This approach aims to ensure that capabilities are delivered faster and more securely than ever before, meeting the needs of warfighters while maintaining the highest standards of security.