Source: United States Navy
Each unique IT system and network we use assists us in executing our mission, but also provides our adversaries with new potential attack vectors in cyber space. This reduced attack surface can be further hardened by implementing Zero Trust design principles. Zero Trust helps us both to harden our networks to external threats and implement protections that prevent lateral movement when an adversary gains access, and in doing so can minimize the impacts of those attacks.
Each of your actions on the network or internet impacts the Navy’s cyber posture, from the systems you use, to the networks on which you operate, to the websites you visit. Each of these activities defines the attack surface that you create. Each window on the internet that you leave open represents a potential opening into the Navy’s and DoD’s information eco-system.
Criminals and adversaries use these windows to steal your identity and your online persona that permits them to traverse your online universe. This new attack construct is referred to as “living off the land”. Criminals and adversary steal credentials to authenticate their presence on our networks as an authorized user, making it extremely difficult to recognize an intruder on the network or in the system. Proper use of identity management is critical to our success as a Navy.
Recognizing your role in reducing the Navy’s attack surface in cyberspace is critical to the identification of new risk reduction opportunities. To better understand how the Navy is building a modern Enterprise Information Ecosystem, and how you can contribute in that effort, the Navy Blueprint for a Modern Enterprise Information Ecosystem, published in 2023, outlines the Navy’s vision for the future of Navy Enterprise IT, to include network modernization, enterprise architectures, Zero Trust, and continuous monitoring.