Earlier this month, C4ISRNet sponsored their annual C4ISR Conference, which brought together industry and military leaders to discuss the challenges facing the DoD in the areas of command, control, communications, computers, intelligence, surveillance, and reconnaissance.
With IT capabilities playing an ever-increasing role in military operations, and cybersecurity a persistent and unavoidable threat to deny these capabilities in theater, it was of little surprise that securing military networks was one of the most hotly discussed topics at this year’s conference. In fact, there was a dedicated cybersecurity panel entitled, “The State of Cyber: A Look at Capabilities and Progress,” that focused on how the disparate branches of the military are responding to the cyber threat.
During that panel discussion, each of the panelists made it very clear that the cyber threat is constant, and that the military needs to be prepared to operate in an environment where IT networks and capabilities will be denied to the warfighter.
This sentiment was reflected by Rear Adm. Barrett, the Director of the Navy Cyber Security Division within the Office of the Chief of Naval Operations, when she said, “…what if you don’t have [your network] for a month? And you’ve built all your processes around being reliant on your data that way? How are you then employing processes that are not technology to work around that and get your no-fail mission done without your network?”
We recently sat down with Nick Trzcinski, the VP of CSRA’s Navy & Marine Corps business area, to better understand how the military is utilizing networks and IT capabilities in theater, learn more about how adversaries may compromise or deny those capabilities, and discuss some ways that the military can better protect those capabilities for the warfighter. As a former Naval Officer with nearly a decade of experience in the Navy’s submarine fleet, Nick watched first-hand as the Navy and Marine Corps transitioned to IP-based communications. Today, he serves on the CSRA team that helps to maintain and support the IT networks that are at the tip of the spear for the DoD.
Here is what Nick had to say:
Thinking Next (TN): How have IT capabilities and connectivity changed the way we wage war? What capabilities are available to the warfighter today—in theater—that haven't been available in the past?
Nick Trzcinski: It really comes down to how we're using different communication paths and how we're communicating differently from ways we have traditionally in the past.
I am fortunate to have a perspective on this because my active duty Navy career happened when much of that shift was underway. And that shift involved moving away from traditional, hardened, fully-encrypted communications designed in the Cold War construct, and transitioning to the use of IP-based solutions, such as tactical chat and chat rooms onboard ships and submarines. That was something that was just rolling out in the early 2000's when I was doing Fleet operations. And that really changed the way the Fleet communicates tactically today.
It was a really interesting shift in that when it was first rolled out, it was a novelty—you couldn't use the new capabilities for tactical control or official direction. They were there for situational awareness, but you couldn't issue an order over them. But what the Fleet figured out—very quickly, to their credit—was that the communication over a typed chat was a lot clearer than garbled radio communications.
Today, CSRA maintains the ONE-Net Network overseas, and that took a very quick leap from an administrative system to an adjunct tactical system used to command and control forces. Today, ONE-Net supports the Fleet in a very direct, tactical way. It assists in coordination, ensuring support ships are where they need to be. And it helps in the passing of logistics information and plays a significant role in the managing of personnel—something that, not that long ago, was a novelty is now critical. And it has to always be available.
TN: How can these capabilities be disrupted in theater by adversaries? What is the impact on the warfighter?
Nick Trzcinski: I think there’s an interesting point to be made here about the different adversary sets that we face. The military did an admirable job pivoting from a Cold War mindset in the 90’s to one where we spent most of our time engaged in counter-insurgency, peacekeeping and humanitarian missions in places like Iraq and Afghanistan.
One thing we didn't have to worry about in those theaters—Iraq and Afghanistan—was disruptive network capability and communications deniability. In both theaters, we enjoyed air superiority and—for the most part—overwhelming logistics superiority. So, denial of communication was not one of the many challenges we faced in those theaters—except for the forces operating in the most remote areas.
Today—in some ways—we're facing a return to older concerns, when adversaries such as the Soviet Union had the ability to disrupt military communications on a large scale. It's really a case of, "The more things change, the more they stay the same." The technologies are different, but the concerns about widespread denial of network connectivity are similar to the impacts of widespread communications disruption that we might have worried about in the 60s, 70s, and 80s.
One thing that is new, however, is the weapons that are available to enable disruption in the form of offensive cyber capabilities from state actors and independent actors. We just saw this recently with the proliferation of the WannaCry ransomware. Our systems were protected from that, but it was illustrative of the impact of having an administrative workstation denied to you, and having all of those capabilities missing.
TN: What does the military need to do to better secure the IT systems and the capabilities or applications that they deliver?
Nick Trzcinski: The military, and the Navy and Marine Corp in particular, have the right strategic approach, which is to include cybersecurity in everything that they do. So, every time that they're deploying a new weapons system, or a combat platform, or a new facility or anything, cybersecurity has to be a major part of the planning and considerations for that new capability. That is something that the military has focused on for a while.
But the tension is, of course, that those things require investment. The President’s Executive Order on cybersecurity and recent Congressional actions on cybersecurity funding are the key to protecting these amazing capabilities that we bring to the warfighter. It's the shield that keeps those communications open.
Also, cybersecurity is a field that moves incredibly quickly—faster than the requirements of traditional programs of record. So, collaboration and partnership with industry members that can bring leading edge cybersecurity tools to the defense department is going to be the only way that the government can even hope to stay abreast or ahead of our adversaries. There is definitely a role for partnership. The NextGen communication technologies available to the Fleet and the Fleet Marine Force give us a tactical edge, but it requires the application of NextGen cyber protections to keep them safe and available.
TN: Is there a high priority area where the military should be partnering with industry and focusing their efforts to better secure their networks?
Nick Trzcinski: I worry about the pockets of legacy equipment running throughout the DoD complex. One area where we should be partnering immediately is in the elimination of these older, legacy systems.
The recent WannaCry ransomware attack that I mentioned previously shows the importance of partnering to get rid of those things as quickly as possible. That ransomware attack was a teachable moment, in that it was not an issue if you were working with a patched, up-to-date operating system. Although the DoD was not affected—to my knowledge—it shows how much of a liability legacy equipment can be.
Nick Trzcinski has more than 15 years of Defense experience, both in and out of uniform, supporting a varied array of customers in the Navy, Marine Corps, Joint Staff, and the Secretary of Defense’s office. He has experience in the areas of professional services and analytics, IT infrastructure, software development, command and control, and weapon control systems. As Vice President of CSRA's Navy & Marine Corps business area, Nick leads a diverse portfolio of Defense programs under the auspices of the Navy and Marine Corps, and unique to the Pentagon environment, and is responsible for new business acquisition and program execution in these market areas.