Navy appoints new head of cyber after reports reveal major cyber vulnerabilities
The Navy announced a new head of cyber on Friday, after two blunt reviews in the past year found it could not compete in cyberwar with nations like Russia and China and had "significant breaches" in its cybersecurity systems.
The second review, seen exclusively by NBC News, made specific recommendations for how to fix those vulnerabilities.
To make the fixes, the Navy has hired Aaron Weis as chief information officer, a newly created position. Weis, who was serving as senior adviser to the Pentagon's chief information officer, will lead a new 25-person office dedicated to improving the Navy's cybersecurity, data, information management, digital strategy and business systems.
In 2018, a series of breaches of the Navy's networks and the networks of the defense contractors that supply it alarmed top officials because they put the Navy at a disadvantage compared to the nation's main military rivals, Russia and China. Navy Secretary Richard V. Spencer commissioned a report on the department's cybersecurity abilities.
Released in March, the report found significant issues with the Navy's data and digital information management. To address those problems, it recommended the Navy create an independent chief Information officer position, a role that had been part of Undersecretary Thomas Modly's responsibilities since early 2018.
A month later, Spencer asked an independent team of military and civilian experts to conduct another review and identify the Navy's shortcomings in both cybersecurity and cyberwarfare and provide recommendations on how the new office would function. The team was given unprecedented access to leadership, meetings and staff of the Navy and the Marine Corps to identify problems.
"We were extremely candid with what the challenges were that the Navy was facing," said Ron Moultrie, the former head of operations at the National Security Agency, who led the review team. "We talked about those weaknesses and we also talked about ways to address weaknesses and then we recommended a structure."
The key findings of the team's review, shown exclusively to NBC News by a Navy official with access to the report, underscored that adversaries of the U.S. have been learning how to infiltrate the Navy's vulnerabilities since the 1990s. It noted specifically that China has stolen critical military data from the Navy and massive amounts of trade secrets from private-sector contractors.
The report, which was delivered to the Navy in July and has not been made public, found the department was incapable of assessing cybersecurity and supply chain risks and that Navy collaboration was undermined due to distrust between leadership and other offices within the department.
There is a lack of uniform understanding of information management across the department, it said, and the Navy' was fixated on planning for physical wars while its competitors were focusing on cyberspace.
Modly told NBC News a position like Weis's is long overdue and will enable the Navy to better protect its business systems, sailors and Marines. "We can't be an effective Navy if we allow ourselves to continue to be vulnerable in these areas," he said.
As chief information officer, Weis will oversee four other chief officers of technology, data, digital information and information security, tasked with fixing the department's vulnerabilities. The Navy is expected to announce those hires next week.
"The most significant impact is how are we prepared to fight, defend or not have to fight in the future," Modly said. "Most importantly, how do we avoid sort of a cyber Pearl Harbor?"