Learning to 'fight through the hurt'

One of the biggest cybersecurity challenges on the battlefield is learning how to "fight through the hurt" and learning how to do without, according to Rear Adm. Danelle Barrett, the director of the Navy's cybersecurity division in the Office of the Deputy Chief of Naval Operations for Information Warfare.

"And I'm not talking about do without for a couple hours of a power outage. I'm talking Puerto Rico levels [of devastation after Hurricane Maria] do without. What if you are without for a month, how are you going to execute your no-fail mission?" Barrett asked the audience at an Armed Forces Communications and Electronics Association panel on cybersecurity and non-traditional IT warfare in Arlington, Va., Friday. "Leaders need to understand that that is a possibility and have their plans ready to execute."

Barrett said that training personnel with the assumption that portions of the networks would be inoperable were incorporated into a cyber plan.

"You are going to have portions of your network down, you will have portions of your [Supervisory Control and Data Acquisition] or your [industrial control systems] that are affected  --  how can you fight through the hurt? You have to understand what are my no-fail missions," such as hurricane relief "and what is the critical cyber-key terrain that supports those missions that cannot fail -- and that includes the control systems and ICS," Barrett said. "Then you look at what are the programs that support that in the systems, and how do I protect those and put in control points so that we have that defense in depth."

Then, she said, combine that with the intel assessment that maps what an adversary is capable of and likely to do.

Barrett also touched on how a global electronic supply chain mixed with international relations complicates cyber readiness and the ability to fight tonight.

"When you talk about resiliency, particularly overseas, who is building all the infrastructure in the Middle East, Africa, and South America? China. Who is operating those telecommunication control centers? China. Are they our friend in cyberspace? Not exactly," she said.

"We have to understand that sometimes there's no choice. It's not like you can go to another service provider.," Barrett said. "So we have to take a real hard look at what do we send over our satellites and then end-to-end -- not just what comes over our satellites -- but where does that come back into the grid on the ground."

There's no way to American-install fiber across large swaths of continent, she said. When there's no way to guarantee the safety of the infrastructure, the only other option is to use encryption to protect data.

Ken Bible, the deputy director for the U.S. Marine Corps' deputy CIO and C4's deputy director, also spoke on the panel, driving home the importance of verifiability throughout the supply chain.

"We need help. I can foresee this as a growing issue because regardless of whether the product is assembled in the U.S., the components came from everywhere," he said, later adding that the origin of software source code for applications isn't always verifiable.

Bible also mentioned that Marines were looking at Humvee sensors to help with fuel efficiency and route management, but if that information sent over the network were compromised, it  would have potential implications for warfighting.