Navy could add new cyber leadership slot

Navy Secretary Richard Spencer says adding a new assistant secretary for cybersecurity and tightening contractors' security practices are top priorities for 2020.

Spencer told Congress April 10 that a new assistant secretary for cyber would help centralize the service's current efforts and build an implementable cybersecurity policy structure.

"When it comes to a fifth assistant secretary [for cyber]," Spencer told the House Armed Services Committee, "that will be a compilation of what we have in the organization already at the secretariat level."

Spencer didn't provide many details on how the new position would work but expressed concern over security gaps in the defense industrial base.

The Navy has asked for about $10 billion for cybersecurity in its 2020 budget request and plans to take lessons learned from its recently completed cyber assessment to harden its networks, shore up defenses and hire more cyber specialists and digital warfare officers.

"It is a cultural issue, it is a mechanical issue, it is a hygiene issue for data, and it has to be led from the top," he said.

Additionally, the Navy is working on turning its assessment results into actionable guidance but with a keen eye on the industrial base from large companies to small businesses.

"We have to be able to encompass and provide them avenues to protect our data. One reason we're going to the cloud, the cloud allows us an ability to provide an avenue for some smaller organizations to be encrypted, to be protected without encumbering a lot of cost on them," Spencer said.

Adm. John Richardson, chief of Naval operations, testified on the service's ongoing tightening of contract relationships, data encryption at rest and in transit, two-factor authentication and greater visibility into its systems.