recommended reading

Navy Takes on Internet of Things with New Task Force

The amphibious assault ship USS Makin Island, background, pulls alongside the aircraft carrier USS George H.W. Bush in the Persian Gulf.

The amphibious assault ship USS Makin Island, background, pulls alongside the aircraft carrier USS George H.W. Bush in the Persian Gulf. // Juan Guerra, U.S. Navy/AP

The Navy is embarking on a year-long effort to protect hardware and software servicewide, as the Internet of Things takes hold of everything from ship speakers to missile launchers.  

"Task Force Cyber Awakening" will draw from U.S. Cyber Command Commander Adm. Michael Rogers’ reaction strategy to a major Navy computer system hack last year.

The shock of the event -- blamed on Iranian hackers -- is part of the reason for the name "Awakening."

One item on the docket: Ensuring new apparatus, such as the Navy's next-generation tactical afloat network, "CANES," can operate safely with computers still running on outdated Windows XP software. Without foresight, the linkages could create new vulnerabilities.

Some of the systems that depend on CANES, which stands for Consolidated Afloat Networks and Enterprise Services, are running XP and CANES doesn't have the ability to support XP, Matthew Swartz, the Task Force Cyber Awakening lead, told reporters Friday. 

"There’s a discussion and probably a press to do XP massive upgrades now: 'Upgrade everything. It’s the No. 1 priority,'"he said. "But I think what some would say is, as we're starting to evaluate all the cyber things we need to do, across the enterprise, XP upgrades may not be the No. 1 thing." 

The problem is the ripple effect of such changes.

"For the Navy, it’s very difficult to do massive operating system upgrades -- that’s bigger than just doing a software upgrade," Swartz said. "It requires doing some infrastructure changes as well," and alterations must wait until ships comes ashore for regular maintenance. The growing number of connections between onboard systems and land-based systems also generates concern.

"It’s not only the interconnectedness of what’s on the ship,” Swartz said. "We’re starting to also evaluate the interconnectedness of our float platforms to the shore to make sure that we have the right connections in place and that we’re providing the right security."

The task force will employ procedures Rogers devised for Operation Rolling Tide, the response to the cyber strike against the Navy Marine Corps Intranet. The Wall Street Journal first reported the incident in September 2013. 

"Are Adm. Rogers’ fingerprints all over this? Without a doubt, and he probably doesn’t even know it." Swartz said. "If you look at what we did for Operation Rolling Tide -- Adm. Rogers was the hero of that. He was the one that realized that we need the ability to fight the network, we need the ability to maneuver the network [if] we are going to fight through a cyber incident." 

That approach will cover not only business computers but all networked capabilities, including combat and control systems.

"We’re taking what he did when he was at 10th Fleet, and we’re actually taking that and broadening it to other parts of our enterprise," Swartz said.

And none too soon. Military officials and researchers expect threats one day will be able to jump the "air gap" between a ship's networked speaker system and, for example, malicious sound waves to derail a boat's control systems.

"This is where you talk about fleets coming to a stop. Our ships are floating SCADA systems," retired Capt. Mark Hagerott, deputy director of cybersecurity for the U.S. Naval Academy, said at a conference last year. SCADA refers to supervisory control and data acquisition systems that run industrial operations. "That would disrupt the world balance of power if you could begin to jump the air gap," he said.

This post has been updated. 

Threatwatch Alert

Network intrusion / Software vulnerability

Hundreds of Thousands of Job Seekers' Information May Have Been Compromised by Hackers

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.