How to deliver more secure capabilities to the warfighter, faster
Rethinking the delivery process for new capabilities is essential to put cybersecurity and the warfighter front and center.
Conversations about cybersecurity often involve a balancing act: the need to balance security with user experience to avoid fatigue, the need to balance new capabilities with efforts to curtail complexity. But Jane Rathbun, chief information officer of the Department of the Navy, said during an AFCEA West panel that there’s one situation where striking a balance is the wrong move.
“The question about how do you balance innovation with cybersecurity? It’s not a balance. It is not an either-or. It’s a yes-and,” she said on Federal Monthly Insights — Secure Collaboration. “We have to really think about innovation with cyber operations in mind when we talk about future capabilities. I constantly say we have the warfighter requirement. And part of that warfighter requirement is the cyber operators’ requirement. If they cannot command and control the space, we are not secure. You are not secure.”
The key, she said, is to be innovating constantly, but with the thought of cybersecurity always at the forefront. That involves building a culture of cybersecurity, she said, so that it’s no longer an afterthought. That means building zero trust principles into everything, so that it’s possible to tell who’s accessing data, from what device and classification level, and what the risk to the data is.
Lt. Gen. Melvin “Jerry” Carter, deputy commandant for information for the Marine Corps, said that to achieve this mindset, the Marines start with the threat in mind. After all, cyber adversaries are advancing and innovating extremely quickly as well, so the threat perspective needs to be ever-present when developing new capabilities.
Rethinking the process
But Rathbun said that’s just the beginning; the entire process for new capabilities needs to be rethought.
“One of the things that I think we need to innovate in this space is how we actually build capability. We have a traditional process that starts with an ICD requirement, moves into a resourcing phase, moves into an acquisition strategy development, and then we start design,” she said. “In the future, I think everybody needs to be in the same car. The operator … the acquirer, the resource sponsor, the requirements representative of the operator and the industry partner that’s working with us. You’ve got to be all in the car upfront at the beginning. We cannot do it in a linear fashion. We won’t get there fast enough in this space and we will potentially leave you hanging.”
Rathbun said that happens too often at the moment: “50% of our systems do not meet the cybersecurity requirements that they’re supposed to have when they’re fielded.”
Putting the operator first
R. Adm. Vince Tionquiao, meanwhile, said the other thing to keep in mind from the beginning is that these capabilities will eventually be in the hands of the operators and maintainers. Those people need to be able to learn, as quickly and easily as possible, how to understand, use and repair them.
Some questions Rathbun said to consider in order to simplify things for the operator include:
- Where and how to automate?
- How to provide dashboards and triggers for necessary information?
- How to think about the end-to-end architecture in order to simplify it?
“One of the ways we can do that as part of that production is through iterative experimentation … as they answer some requirements and they’re in their initial phase of development, getting them out there in the hands of the warfighters early in an experimental environment, I think is important,” Tionquiao said. “You get iterative feedback, and it’s an environment that it’s okay to fail in.”
© 2025 Federal News Network. All rights reserved.