SPAWAR supports USS Harry S. Truman in preparation for cyber security inspection

SAN DIEGO, CA, UNITED STATES

06.15.2012

Story by Tina Stillions 

Naval Information Warfare Systems Command (NAVWAR)

✔ ✗ Subscribe

38

SAN DIEGO, Calif. — The Space and Naval Warfare Systems Command cyber security inspection support team assisted USS Harry S. Truman, June 11-15, as the ship prepares for its upcoming shipboard cyber security inspection scheduled for early August.

A CNO-directed three-stage enterprise program, the Cyber Security Inspection and Certification Program ensures the health and security of Navy networks and connected combat systems and formalizes a process for continuing oversight and accountability. The SPAWAR team provides sailors assistance with their shipboard information technology and cyber capabilities.

During each stage of the process, SPAWAR observes and provides liaison support to the fleet while Navy Cyber Forces and U.S. Fleet Cyber Command conduct their assist and inspection respectively.

“We are familiar with the inspection process, so we’re there to let the ships know what the lynch pins are and how they can address those issues,” said Steven Modregon, a SPAWAR project engineer and information assurance specialist. “In some cases, the issues are site based and caused by things the ships have implemented on their own that they just didn’t know and understand.”

A good example would be changing a system’s registry setting.

“The ship may have changed something in their registry that had a negative impact to the network and now poses a security risk,” Modregon explained. “After all the results are tallied, we can provide the ship with resolutions for what has been fixed, the status of those things that have not been fixed and, if necessary, help determine any false findings.”

SPAWAR is an observer to the cyber security inspection program under U.S. Fleet Cyber Command, which is a three-stage inspection process and involves running automated and manual scans to a ship’s on-board networked systems. It is the formal process for inspecting a ship’s information assurance posture based on Department of Defense, Department of Navy, Defense Information Systems Agency and National Institute of Standards and Technology standards.

By analyzing findings uncovered during the inspection process, a determination can be made as to what must be addressed and fixed. During observation, Modregon helps the ship determine the appropriate solutions, making sure onboard personnel have all available tools and resources and how best to use and employ them.

“More often than not, we find that there is simply a lack of knowledge,” said Modregon. “Or we’ll find that the ship isn’t running available program maintenance decks or that there are patches they are not aware of.”

SPAWAR provided support to USS Lake Erie (CG 70) in March as sailors prepared for their inspection. During that observation, the team discovered a revised program of maintenance procedure that was developed for the current installed network system. However, the ship was never made aware the revision was available.

“They thought they were doing all the right things,” said Modregon. “But some of the things they were doing resulted in security red flags. We showed them how they could get specific procedures for the problems they were having using SAILOR 2.1.”

SAILOR 2.1 enables ships to search for a preventive maintenance system for any SPAWAR system, or find solutions for other systems, and helps determine which patches and security updates are available for those specific systems. It not only shows how to patch and monitor for patches, but how to find out if any processes have changed and, if so, why the message traffic never got through to the ship.

By working closely with USS Lake Erie’s leadership, the SPAWAR team familiarized ship personnel with their host based security system preventative maintenance procedures. The team also helped them identify and resolve SPAWAR system information assurance vulnerability management system findings through the understanding of fleet advisory messages, mandatory security updates and software version description documents. SPAWAR provided technical guidance about the system status for specific security findings and also provided sailors with navigation techniques they could use when researching complex systems.

According to Modregon, this kind of support is vital to the fleet.

“In the case of Lake Erie, they had a system that pushed their patches, but they didn’t know nor understand which ones were released and should have been pushed to them,” said Modregon. “We were able to sort through all the data and, in doing so, found that patches had indeed been pushed but were missed.”

USS Lake Erie is one of about 20 ships that have patch notification systems. Most ships will eventually be equipped with this type of shipboard patch notification system in the future.

In the meantime, they rely on the kind of proactive support provided by SPAWAR.

“We go out to the ships and show them available fixes and we get them their inspection reports,” said Modregon. “We provide them with a summary of the inspection results and let them know what is system based, what is site based, and, for those that are site based, what the fix is and how to get to it. More often than not, it’s a matter of pointing them to a message that was released that tells them where the fixes can be located.”

On a monthly basis, the Navy’s cyber forces assess the readiness and capabilities of afloat and ashore commands. The review starts with an assessment of a command’s readiness and continues with a review of all the resource pillars, such as personnel, equipment, supply, training, ordnance and facilities. Any identified shortfalls are then addressed and mitigated.

Issues that need mitigation and involve a SPAWAR system go through the command’s Fleet Readiness Directorate, which was created to address these types of fleet issues. FRD gets the call when a trouble action comes through from a ship. In most cases, the ship will send a casualty report with an identified security issue.

However, SPAWAR’s FRD does not wait for a CASREP.

“FRD is very proactive and very involved in the process, because they are the ones that take action when the fleet has problems,” said Modregon. “Instead of waiting for the question to come to us, we are on top of it. We take our information dominance expertise and help the ships out. We ensure they get their answers and get their replies so they can make their deadlines. “

As the Navy's Information Dominance systems command, SPAWAR designs, develops and deploys advanced communications and information capabilities to the fleet. The organization is at the forefront of research, engineering, acquisition and support services that provide vital decision superiority to Navy forces. SPAWAR has more than 8,900 active duty military and civil service professionals located around the world and close to the fleet.