Defense Officials: Cyber is a Sport That Needs Strong Teammates

NATIONAL HARBOR, Maryland — Coast Guard, Navy and Marine Corps cybersecurity officials cite partnerships and a strong workforce for effective cyber defense.

“It’s going to take all of us. From the individual user to the provider to the designer. It’s a team sport,” Retired Marine Corps Lt. Gen. Lori Reynolds said during Sea-Air-Space Tuesday.

The collective responsibility of partners like industry, academia and government manifests differently across the services that requires coordination, said Assistant Deputy Chief of Naval Operations for Information Warfare Jennifer Edgin. Those different responsibilities mirrors, for example, an effective basketball team that wins because of different players’ different strengths fitting together.

“The point guard doesn’t try to be the center, they play together as a team,” Edgin said. “We’re talking about a cybersecurity issue, or a cyber mission issue. We talked about who are our stakeholders, who are supported and supporting commanders, and we try to bring precision to that conversation. And that precision, that specificity, is what rules the day.”

Communication between partners, especially regarding threat knowledge and response tactics, is critical to strengthening cybersecurity across critical systems, according to Marine Corps Cyberspace Command Cyber Technology Officer Shery Thomas.

“Industry and government needs to be tight,” Thomas said. “If we see an issue or a threat, we feed it back to industry. Industry has to come back the same way and say, ‘Hey, we saw some issue here, and this is how we mitigated it.’”

Government and industry face the same, if not similar, cybersecurity threats. Therefore, solutions are often similar, Thomas said.

“We look into other enterprises between the government space, where the energy sector, the transportation sector, the State Department [and] how we all intertwine with one another on products,” Thomas added.

Everyone needs to be agile and adaptable to react to new threats in new domains, Edgin noted.

“I remember when cloud first came online and the government was first making that transition. It was the panacea, at times,” Edgin said. “There are no three-day magic beans. The cloud is just another environment that we need to continue to work in.”

The sea services continue to prioritize new hiring and retention strategies to bring in and train its technical workforce.

“There are more [government cybersecurity] jobs that we have people to fill them,” Edgin said. “There’s a lot of things going on, particularly in the cyber workforce, that have alternative, hiring pathways that allow you to do different things to move in and out. More of that, particularly for our civilian workforce, just makes us stronger.”

The Coast Guard faces similar hiring challenges.

“We’re literally trying to cover every corner of the workforce with the different programs to attract and retain the folks that we need,” said Coast Guard Cyber Commander Rear Adm. Jay Vann. “We have given our enlisting workforce an opportunity now to make a career out of working in this field and creating it and listening reading. We have created a warrant officer specialty and again so that people are interested in doing this work, people who invest in lots of training, and now turn this into a career’s worth of work.”

Vann cited new strategies the service is developing to meet its future cybersecurity needs.

“We recently, last year, developed a Coast Guard cyber auxiliary augmentation from a cyber flotilla, a virtual flotilla of volunteers who, whatever walk of life they come from, whatever their background is, that want to serve in a way where they can work in cybersecurity or cyber operations,” Vann said. “Clearly there are security clearances and law enforcement authorities and things that the Coast Guard has to constrain.”

Users also need to be vigilant against cybersecurity threats.

“If you’re a user, you need to be able to understand what device you’re getting into or what kind of threat vectors that are off,” Thomas noted. “It has to be ingrained in someone.”

Edgin added that the changing nature of cyber threats means that training needs to evolve concurrently and proactively.

“We shouldn’t have an annual web-based training that you have to take,” Edgin said. “That’s how we create that culture of continuous learning, and we see that happening in the Navy, we see that happening across the government. … And that’s really the proactive approach to cybersecurity.”