Warrior Maven & Rear Adm. Danelle Barrett
Navy Cyber Division Director
Welcome to the new WARRIOR MAVEN WARRIOR LEADERS Series -- Intvs with US Military Leaders, Program Managers and Weapons Developers - Unique Detail HERE.
Barrett’s operational assignments include tours at U.S. Naval Forces Central Command/U.S. 5th Fleet; commander, 2nd Fleet, Carrier Strike Group 2, Multi-National Forces Iraq, Carrier Strike Group 12, which included deployments in support of Operations Enduring Freedom in Afghanistan and Unified Response in Haiti; Standing Joint Force Headquarters United States Pacific Command; and deputy director of current operations at U.S. Cyber Command (Barrett Navy BIO )*********
Rear Adm. Danelle Barrett - Q&AWarrior Maven:
Much attention is now being focused upon Artificial Intelligence. What are some of the fast-emerging ways this is changing cyber operations?
Rear Adm. Barrett: We see that the more we can automate our networks, the more we can use machines to do the heavy lifting. Our brains do not have the capacity from a time or intellectual capacity to process all of that information. It is imperative to how we will be able to maneuver and defend networks in the future. We can have more automated defenses so that, when things happen, responses can be machine-driven. It won’t necessarily require a human.
Warrior Maven: How can AI help identify and prevent intrusions and cyberattacks?
Rear Adm. Barrett: We are very interested in artificial intelligence being able to help us better than we do today in many areas even beyond cybersecurity. Industry is using it well and we want to leverage those same capabilities for warfighting advantages. We want to use it not only for defensive sensing of our networks but also for suggesting countermeasures. We want to have confidence in machine intelligence and representation of data, to trust machines to help with our defenses but to also look at AI in terms of how we use it against adversaries. AI has all sorts of benefits with regard to the amount of data this is coming in on our networks. This requires us to look at TTPs as our networks become more agile. Human machine interface is also a key element of this. We can also use AI to help coordinate operation and cybersecurity of our unmanned and autonomous vehicle platforms.
Warrior Maven: How is the Navy now implementing findings from its Task Force Cyber Awakening? A special cybersecurity initiative aimed at better recognizing the extent to which weapons systems and networks are increasingly cyber-reliant?A
📷Rear Adm. Barrett: As a follow on to TFCA, our Cybersafe Division works with all commands to ensure that investments we have made in cyber defense are focused our highest priorities to detect, react and respond to cyber incidents. Taking a defense in depth approach allows us to have the resiliency to "fight through the hurt." This effort involved allocation of over $300 million for cybersecurity capabilities for traditional IT/command and control systems, and also extended to non-tradition IT as well - think control systems and weapons system on ships. We consider our networks warfighting platforms, just like aircraft, ships or submarines. We consider our networks warfighting platforms, just like any system on an aircraft, ship or submarine. Having the right tools, technology and processes in place to provide defense in depth allow the Navy to protect that information platform, identify anomalous behavior and quickly restore capability in the event of an incident. We have to be able to sustain operations even in the face of cyberattack. Investments made from TFCA and planned for the future help with this.
**********More on Adm. Barrett Rear Adm. Danelle Barrett graduated from Boston University in 1989 with a Bachelor of Arts in History where she received her commission from the Naval Reserve Officer Training Corps in a ceremony aboard USS Constitution. She holds Master of Arts degrees in Management, National Security/Strategic Studies, Human Resources Development and a Master of Science in Information Management.***\*****
Warrior Maven: How are at-sea networks such as CANES upgraded and better secured?
📷Rear Adm. Barrett: Upgrades to shipboard networks occur on an ongoing basis. Sometimes all of the hardware and software is upgraded to modernize the platform, other times smaller software upgrades are done to provide more capability to or to address shortfalls like a new cybersecurity vulnerability. It is a challenge to ensure the networks are upgraded on a not to interfere basis with ship's ongoing operations. Funding and scheduling complexities make it difficult for us to upgrade as quickly as we would like. Anytime we have an upgrade on a ship, we need the latest and greatest to include how we can apply artificial intelligence to helps us. SPAWAR keeps a keen eye on new technology that we need to incorporate to make managing, operating, protecting and maneuvering the networks easier. Program Managers across the Navy have a much better understanding of cybersecurity than they did five years ago and now it is built in - not just sprinkled on later. It's a challenge though as you can imagine with constraints in our acquisition environment and the accelerated rate of technology changes, sometimes once a system is fielded it is outdated the minute it is delivered. Much like your new smartphone - it's only the latest and greatest when you buy it. To improve our ability to upgrade quickly we try to remain open standards compliant and are looking at ways to automate testing and fielding processes to make capability upgrades on a smaller scale that can be fielded quickly, similar to how apps are delivered to your smartphone
.Warrior Maven: What role does rapid cloud migration play when it comes to defending cyberattacks?
📷Rear Adm. Barrett: We are definitely look to leverage the commercial cloud where we can and believe that the big data analytics the commercial cloud providers use will help us to detect and react more quickly to threats. Again, this is where AI will help with the analytics and being predictive in looking for indicators of potential compromise. We will still need to "command and control" our information in the commercial cloud and view the cybersecurity in that environment as a shared responsibility between us and the commercial cloud provider. The threats in the commercial world are the many of the same threats we face on our military networks and the tactics adversaries use like phishing and denial of service attacks happen every day. We hope to leverage improved speed in the commercial cloud for implementing cybersecurity defenses more uniformly to protect our data. There are many other advantages of using the commercial cloud such as improved access to information from anywhere and that you are not tied to a particular network or device to access data you need. Storing data in a cloud environment (government or commercial cloud) and using web services to access those data will give us more agility and flexibility and the cybersecurity of using virtualized servers offers potential cybersecurity benefits as well. While there is great interest to move to the commercial cloud across the Navy and the Department of Defense, this is new ground for us and commercial industry. Getting it right is more important than getting it fast. So we need to migrate our data deliberately so we ensure we have mechanisms in place to command and control our data as we need to for mission assurance.
Warrior Maven: What are some particular areas of cybersecurity focus for the Navy?
Rear Adm. Barrett: One of our focus areas is that cybersecurity is an "all hands" effort. Everyone has a responsibility to protect, defend and operate the network responsibly. The reason we have cybersecurity awareness month is to focus on the user and we encourage Commanders to use every opportunity to push this message out. Providing real world examples helps drive home the point that the threat is real and everyone on the network can be a target of an adversary. We focus on cyber hygiene and good TTPs for users and operators and rely on technology like sensors to help us detect anomalies. Again, being able to have a resilient warfighting operational platform is our goal and that involves, people, processes and technology. Adversaries will continue to be increasingly creative, which is why we need to have multiple means to defend our networks.
Warrior Maven: Of course much is being made of Russian cyberattacks - and a Congressional report cited the Defense Science Board as having identified Chinese cyber-theft of some US military weapons systems - including elements of the F-35?
Rear Adm. Barrett: We don't lack for capable adversaries and network attacks are a cheap way to achieve an effect over building conventional warfighting forces like ships and planes. From a cyber perspective we worry about nation state and non-nation state actors (i.e., ISIS and criminals). By having a good defense in depth strategy implemented we can use technologies to help identify anomalies and threats and proactively implement countermeasures to prevent attacks. This involves a combination of the same type of technologies commercial industry uses like host-based security systems, sensors, processes that relay on industry standards and best practices. For example, you do not want to allow use of protocols that are not standard which you cannot monitor very well. Building and maintaining networks with adherence to open industry standards makes them easier to maintain and protect. This is far preferable to a proprietary piece of software which can only be used in a specific way. Even leveraging the open source community has advantages from a cybersecurity perspective where vulnerabilities are vulnerabilities can be seen by the whole community and solutions crowdsourced.
Warrior Maven: Some DoD and Navy developers have emphasized that certain commercial technologies can improve cybersecurity by keeping pace with the most current threats and solutions such as patches and fixes able to address them?📷
Rear Adm. Barrett: We want to draw upon commercial innovation to anticipate potential attacks earlier in the process and defend against them to include measures to apply patches and fixes quickly. All the services are working towards that same objective. We hope for changes in acquisition and how we build and field capability to become agile, so we can quickly integrate new technologies faster. Technology developed in industry is going to revolutionize the way we process, store and use information. The DOD is no longer the lead in development of those types of capabilities as we were years ago and the competition in commercial industry gives us many options and opportunities. Our systems commands are looking at different ways to accelerate integration of new capability. By the same token we need to understand how our adversaries will likely use those same technologies and develop means to deny or disrupt their use of those capabilities at the time and place of our choosing.
Warrior Maven: How might emerging cyber and IT approaches better facilitate at-sea operations and maintenance?
Rear Adm. Barrett: For example, putting in place mobile technology for Sailors will help when it comes to ship maintenance. Testing has been done on wireless, hand-held devices for example and how we could securely architect a wireless environment afloat to support those types of activities. We will continue to work towards that end state.
Warrior Maven: What are the most recent developments regarding the testing of Joint Regional Security Stacks?
Rear Adm. Barrett: The Joint Interoperability Test Command is conducting an Operational Assessment to assess the maturity of the JRSS v1.5 technologies, people, and processes to identify areas of risk. A Full Adversarial Assessment (AA) will also be conducted using multiple attack vectors. As the Navy recently migrated its first network behind JRSS 1.5, Navy involvement in the JRSS test/development environment will allow Navy testing of the operational capabilities provided with JRSS 1.5 and support the Navy's decision timelines for implementing JRSS. The testing of JRSS utilizes a succession of events that encompass all levels and types of testing performed during the lifecycle of a version.
Warrior Maven: How will this help evolve and implement JRSS?
📷Rear Adm. Barrett: The collected data from the testing events allows DoD to identify gaps in JRSS capabilities needed to support their further migrations. DISA is developing and delivering JRSS in three capability releases. JRSS version (v)1.0 consists primarily of Commercial-off-the-Shelf defensive cybersecurity products tailored to meet the Army's life-cycle replacement of its Top-Level Architecture security stacks. JRSS v1.5 provides the Air Force gateway defensive capabilities and introduces JRSS enterprise management with the JMS and transformative capabilities, such as full packet capture and analyses. JRSS v2.0 will provide Navy gateway defensive capabilities. USCYBERCOM accepted the role of JRSS Ops Sponsor in Nov 2016-developing the JRSS Ops CONOPS with DoD CIO support. The JRSS program is currently up and running (Operational). JRSS is being deployed in a phased approach.
Warrior Maven: What can we learn about the current implementation of JRSS?
Rear Adm. Barrett: The Army first began migrating and has over 478,000 Army Users behind JRSS. The Air Force has migrated network operations to four of the initial stateside JRSS locations at operational capacity - Joint Base San Antonio, Texas; Oklahoma City; Montgomery, Alabama; and Fort Bragg, North Carolina with over 370,000 users behind JRSS. We are fully engaged with DISA and the other services to leverage their lessons learned. We are actively pursuing our second of eighteen migrations of non-enterprise networks behind JRSS V1.5. Navy enterprise networks are scheduled to follow beginning in 4th quarter of 2019.
--This intv First Appeared Earlier this Year --