The Navy can be its own worst enemy when it comes to cyber, says Navy CIO

The modern Navy faces a range of challenges vastly different than those of the past, but sometimes what trips up a military department is the military department itself. Two of Defense Department's biggest hurdles, acquisition and cybersecurity, are prime examples of areas that sometimes are harder to master than they have to be, said a top Navy official.

A lack of education and understanding make both the acquisition process and cybersecurity more complex than they really are, Terry Halvorsen, the Navy CIO, said May 3 at the AFCEA Naval IT Day conference in Vienna, Va.

Halvorsen acknowledged that federal acquisition is a complicated process, but said the Navy is making progress in streamlining the system, particularly in IT acquisition, as it becomes increasingly critical to drive down costs.

“A lot of times we say the acquisition process is the problem, but when we get through it I find there’s more flexibility in it than I know. But we don't ask the right questions – ‘we’ being the government and industry,” he said.

Halvorsen singled out certification and accreditation as being particularly important to making acquisition easier and saving money. He added that he’s working with other DOD agencies, including the DOD CIO office, DISA and the Marine Corps on improving reciprocity and testing products with industry.

The Navy also is looking to simplify and improve network protection, targeting the varying levels and types of security that make it more complicated and harder to implement an enterprise approach to cyber defense. Part of the answer involves working with private sector, but not necessarily in the traditional sense of industry leading the way.

“We have let security be the elephant in the room, and it doesn’t have to be. We certainly have a security requirement that is higher than in many areas…but I think that delta is growing smaller,” Halvorsen said. “When I talk to the finance and banking businesses, they’re very interested in what we’re doing in security, because they’re seeing some of the same problems.”