Navy looks for bigger stick to enforce cyber hygiene
- By Lauren C. Williams
- May 08, 2019
With the Navy describing itself and its contractors as "under cyber siege" by foreign hackers, it can't take any chances with sensitive data falling into enemy hands from employees who inadvertently click on a link in a phishing email.
The cyber hygiene issue is "one of the least costly to address," Navy Under Secretary Thomas Modly said. An education campaign can help people understand the importance of cybersecurity, but something drastic may be needed drive home that message, Modly told reporters following his keynote address at the Sea Air Space conference in National Harbor.
Some companies test employees with internal phishing campaigns that can result in termination for those who take the bait too many times. Modly said the Navy is likewise looking at punitive measures to get users to take cybersecurity more seriously.
"We're looking at ways to create sanctions for people for not following hygiene. We're not trying to be draconian here, but the ramifications of not having tight controls over our data are pretty dramatic," he said. "At the end of the day, it ends up costing people's lives, so we have to just get people more seriously about thinking [about cyber] that way," while also "getting a lot more creative about how we make it painful" for intruders.
The Navy completed a cybersecurity review in March that pinpointed areas in need of improvement. The report found that annual training was "far too basic and one-size-fits-all." It also "underemphasizes the realities of the cyber threat" to the point that "the workforce is led to believe that cybersecurity is simply a matter of routine compliance, which enables seeing security practices such as password protection and email vigilance as needlessly burdensome."
A longer version of this article was first posted to FCW, a sibling site to GCN.
Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.
Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.
Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at email@example.com, or follow her on Twitter @lalaurenista.
Click here for previous articles by Wiliams.