Just like how the military must respond to any adversary across multiple domains of the battlespace, so too have they responded to the threat posed by the COVID-19 epidemic.
Not only has the military repurposed advanced technologies to detect and slow the spread of the virus; they have also made substantial efforts to safeguard the cyber domain as military telework has become a necessity for so many more personnel.
It’s “really an amazing story,” Rear Admiral Kathleen Creighton, the Navy Cyber Security Division Director, remarked recently. “I’ve been in the Navy for 32 years. I’ve never worked from home, not one day,” underscoring that for many of these workers, the remote work experience is “brand new.”
Consequently, this unprecedented volume is a novel cybersecurity challenge for the sea service. Before the outbreak, the Navy might have seen “a few thousand people per day” accessing the maritime service’s network remotely. In a matter of weeks, however, the Navy had to ramp up that capacity to accommodate over 150,000 personnel—as much as a tenfold surge in capacity.
Naturally then, with so many relying on a virtual private network (VPN) to access sensitive DoD networks, military telework has opened up a new and more enticing threat vector for our nation’s adversaries.
Of course, many private sector companies need to be concerned about fortifying their cyber defenses to accommodate more VPN users. Additionally, facilitating the cybersecurity needs of military telework are compounded by the fact that to secure the DoD network infrastructure means securing—in addition to sensitive and classified information—weapons systems which are increasingly network connected.
Moreover, “the bad guys, as you would say, are always looking at what we’re doing,” Gregg Kendrick, Executive Director of Marine Corps Forces Cyberspace Command, commented during April’s virtual Sea-Air-Space conference.
What this means across the military then is that cybersecurity leaders have to reevaluate and model their network modernization efforts to meet the requirements of the moment.
The keys to the Navy’s cyber defense in the age of pandemic, RADM Creighton asserted, has been to accelerate its assessments of where network bottlenecks are, increasing software licenses as appropriate, and making sure that its infrastructure can securely handle this kind of traffic.
“Every decision we have made in regards to supporting the telework option…has been really focused,” Mr. Kendrick emphasized, “and we’ve really looked at our modernization efforts to ensure that we are aware of any of the advanced persistent threats and/or capabilities that are out there to ensure that we have a good resilient, as well as available network for all the warfighters and commands.”