Checking in with the Army and Navy principal cyber advisors

Congress established service level principal cyber advisors in the 2020 defense policy bill. FCW sat down with the Army and Navy PCAs to get a sense of what their priorities have been in the past year.

Congress established principal cyber advisors within the military services in the 2020 National Defense Authorization Act as part of an effort to better synchronize oversight of the military’s cyber activities. The new civilian positions involve coordination and oversight, rather than direct authority over budgets and systems.

Terry Mitchell, the Army’s principal cyber advisor, told FCW that navigating the service’s missions and components has been the main focus for the first year of the new position.

“I think that's where Congress wants us to basically look: between the gaps and the seams and the no man's land and see what's being missed. What are things that are not being seen because they don't have somebody to advocate for it or to fight for it,” Mitchell said.

Mitchell, who was named to his post in September 2020, said that too many messages to Congress when it comes to cyber can lead to not having a message at all. “So what they're looking for is a message, a person to come talk to...to bring all the people together to have one voice,” Mitchell said, “and that's really important from a funding point of view, but it's also kind of important from a DOD point of view.”

So far, the principal cyber advisors have covered planning and funding issues, including the consideration of a cyber contingency fund.

“Do we need to create a contingency fund? We do it for war, but do we do it for cyber? Should there be a contingency response button for cyber because when we do a [program objective memorandum] every two years, you don't know if there's a cyber attack on the horizon; it's kind of that unplanned problem.”

The Navy’s principal cyber advisor, Chris Cleary, told FCW that carving out the distinction between the new role and the CIO role as it pertains to cyber -- while establishing communication lines to the service secretary -- were top priorities in the position’s first year. Cleary was appointed to his role last December.

“I think it's taken the Navy a little bit longer to find how they wanted to interact with PCA or, maybe said the other way, how the PCA [could] get on everybody's calendar. I'm in a much better spot now that I was, you know, four months ago.”

The CIO, Cleary said, is “responsible for providing the information environment -- and there's a very specific definition of what that is -- and as ones and zeros travel across that information environment, he is responsible for ensuring that it is built in such a way that it's resilient and survivable.”

The principal cyber advisor comes in to the right of the CIO’s mission, looking at the cyberspace activities and functions: cybersecurity, cyber operations and resiliency, such as critical infrastructure and weapon systems, and research and development, Cleary said.

The Navy’s version of the PCA’s approach looks like this, Cleary said: “Hey...I understand that most of your lane in the road is cybersecurity and you have a chief information security officer and I'm going to sort of pick up where the resiliency, and the warfighting side of this mission is, acknowledging that there is a brackish water area where cybersecurity overlaps. And weighing in on the adequacy of all of this.”

Cleary named weapons systems, critical infrastructure and the cyber mission force as his top focus areas that he’s encouraging the chief of naval operations, Navy secretary and commandant of the Marine Corps to “double down on” as cyberspace becomes “the new means and methods of warfare, that our peer adversaries, the Russians and the Chinese in particular, are wanting to specialize in. And in some instances, they're outpacing us. All is not lost, but we certainly need to give it the attention it's due,” Cleary said.

Mitchell said he’s interested in how cyber affects the Army’s readiness

“When people talk about cybersecurity with the CIO, they're more IT focused, where I'm trying to bring it to more of an operational discussion,” Mitchell said. “It's not a router discussion or cross domain discussion ... it is more in terms of if we don't get zero trust correct, how is it going to impact our ability to operate.”

The ransomware attack that hit Colonial Pipeline in May, which led to fuel shortages across the East Coast, potentially had downstream impacts on readiness, he said. There is fallout when the family of a soldier getting ready to deploy doesn’t have access to fuel, heat or an ATM because a utility company was hit with a cyberattack.

“There's myriads of ways that the family now will have to be burdened, if you will, as [the soldier is] trying to get out of the post. So where's my focus going to be: getting ready to go to war or my family?” Mitchell said.

On the budget side, principal cyber advisors are tasked with looking at whether the service’s wants, needs and aspirations line up with the allocation of resources.

“The CIO certifies the budget, the PCAs sort of come in over the top, particularly around the cyberspace activities portion of it, and weigh in on the adequacy of that, but the challenge is: where as a service, or as a department are we ultimately trying to go?” Cleary said, “and then weigh sort of those wants, needs and desires against the resources that are allocated towards it and then weigh in on the fact whether we're going to get there or not.”

Cleary noted that at present each military branch treats the cyber domain differently.

“There's not as much consensus within, I think, each of the services as how they're going to treat that domain. We acknowledge it from the threats that it poses to things like critical infrastructure and weapon systems, and traditional information systems and protecting data,” Cleary said.

But as he transitioned in the PCA role after being Leidos’ vice president of business development and strategy for cyber and signals intelligence, different questions and concerns arose regarding how the Navy’s workforce could respond to these threats, Cleary said. That is thinking about how to get an “adequately trained mission force whose job it is to fight in the cyber domain. How are we going to equip that force, both with authorities and tools and training.”

Cleary said the Navy has historically been platform-centric -- ships, planes, and submarines. But with cyber, there’s a “whole new problem set, and we're trying to figure out how to address that” while trying to stay aligned with the other service PCAs and with Rear Adm. Jeffrey Scheidt, the senior military advisor for cyber policy to the undersecretary of defense for policy, and deputy principal cyber advisor to the secretary of defense.

“We kind of speak with one voice on a lot of these things,” Cleary said.

This article first appeared on FCW. 

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.