Vice Adm. Craig Clapperton, commander of U.S. Fleet Cyber Command/U.S. 10th Fleet in 2022.

Vice Adm. Craig Clapperton, commander of U.S. Fleet Cyber Command/U.S. 10th Fleet in 2022. U.S. Navy / Mass Communication Specialist 1st Class William Sykes

No phishing: Navy uses automation, data analytics to protect seagoing networks

10th Fleet is also working to help ships’ cyber defenders reach back to experts on land.

SAN DIEGO—The Navy is using automation and data analytics to boost cyberdefenses for its unclassified networks—while making cyber operators’ jobs a little easier, the head of Fleet Cyber Command said Tuesday. 

“Instead of an operator having to read through millions and millions of pieces of data to try to identify commonalities and what's going on on one part of the network, and what's going on across another part of the network that might be significantly spread across the world, the analytic is able to point to us and say, ‘This is where you should be concerned,’” Vice Adm. Craig Clapperton, the head of U.S. Fleet Cyber Command and 10th Fleet said here during WEST 2024, an annual Navy IT conference. 

The tools, which use a combination of data analysis and automation, can hunt for and flag suspicious activity and also group incidents together. But the helpfulness stops at attribution, which is where the human operators come in, Clapperton said.

“Sometimes the machines aren't as great at dissecting and getting down to the attribution of it and how you should solve the problem,” he said. “So this is where the AI and machine learning and the human [operator] have to come together to maximize the benefit from that.” 

Over the past year, Fleet Cyber Command expanded its use of these tools that detect when devices are logged onto the network  and those needed for identity verification to all of the Navy’s unclassified networks Clapperton said.

“That includes our overseas platforms, [education] platforms. And…we're in the process of, no kidding, eliminating what we call accepted networks, which have been networks that have been able to operate outside our visibility of those endpoints and that identity, which then poses the greatest risk to adversarial access,” he said. 

The Navy also wants to use the same data analytics capabilities that can help decipher malicious network activity on land to secure platforms at sea. 

“We have a very clear way forward for how we want to approach the classified ashore infrastructure. How are we going to push that out to the afloat infrastructure and the afloat networks? That's a unique problem for the Navy,” he said. “There's bandwidth problems, there's technology problems, there's how you're going to move the data through the ship's network.”

Another concern is detection. To stay undetected, sometimes ships can’t use tools that emit signals—which makes sending and receiving crucial cyber analytic data impossible. So, the Navy is also working through how to best protect its networks even when signals are weak or non-existent. U.S. Pacific Fleet is leading that experimentation with software solutions and satellite communications, among other things, Clapperton said.

“We are then able to really figure out new and exciting ways to move that massive amount of data through the bandwidth we have, and then again to bring that insight back to an analytics so that we have visibility from a remote location to help instruct local defenders as to what they need to do, as well as take action remotely,” he said.