The Navy is grappling with how it will approach maritime-specific, war-fighting problems in the technology sphere and cyber domain.
As adversarial capabilities and boldness continue to grow the, Navy and its sister services are trying to figure out how to compete in an increasingly complex world. One effort the Navy is undertaking is the “Hack the Machine” project, spearheaded by the Naval Postgraduate School.
“The Navy’s Hack the Machine series is really trying to kick-start a grassroots effort in maritime cybersecurity [that] spans government, academia and civil society,” Cmdr. Zachary Staples, director of the Center for Cyber Warfare at the school, told C4ISRNET.
At the beginning of the year, NPS hosted a hack-athon at the Capital Factory in Austin, Texas, that invited hackers to infiltrate a virtual ship at sea, which was built by NPS’ partner in the effort, Booz Allen Hamilton. Hack the Machine is a follow-on to an event in summer 2016 called “Hack the Sky,” which focused on drones.
“The format we developed was really aimed at one central theme, which is how do we get America’s young, innovative willing to take risk entrepreneurs onto the United States Navy’s most difficult problems,” Staples said. “The real win are the young people that will come up to me and [say]: ‘We didn’t even realize you guys had cool problems.’”
This project is essentially aimed at courting nontraditional, technical talent separate from the classic large prime defense contractors.
“We walk away with true insights into maritime cybersecurity that we would have never gotten from the military or defense contractors given the participants,” Staples said. “Hopefully, [we’ll] get a new set of entrepreneurs to bid with the Navy and create a safer world.”
In standing up the Defense Digital Service at the Pentagon, former Secretary of Defense Ash Carter tried to instill a startup mentality within the Department of Defense to not only court innovative ideas to get at some of the agency’s most difficult problems, but also create an additional avenue for Americans to serve their country in lieu of putting on a uniform. DDS created pathways for techies to come in for a short tour of duty.
Staples said primes, such as Booz Allen, can help mentor smaller companies and startups with no knowledge of defense-specific problems or the Federal Acquisition Regulation.
“How do we engage a different group of individuals with different experiences?” Brian MacCarthy, principal and director at Booze Allen, told C4ISRNET.
The Navy has taken a keen eye toward small business engagement with the slogan of the Navy’s Office of Small Business Programs being “Small Business — The First Option,” according to a written response to C4ISRNET from the office’s director.
“This is to say that small business should be considered at the onset of the acquisition process, to see whether the product or service the DON [Department of the Navy] needs could be provided by a small business,” Emily Harmon added. “Small businesses are, and will continue to be, key contributors as we rebuild and reform our Navy and Marine Corps to meet the demands of the maritime environment, today and in the future. The DON OSBP is committed to fostering a culture that meets these challenges by leveraging Small Business as a strategic advantage.”
It’s no coincidence the event took place in Austin. To MacCarthy’s point, places such as Silicon Valley, Seattle, Austin and Boston are technology hubs rife with untapped talent for the DoD. The Pentagon has begun to establish its own technology outposts in these areas — first in Silicon Valley, then Boston and Austin — to help court these companies and develop rapid solutions to problems ahead of the lengthy acquisition process.
As an additional facilitator, Harmon attended the event to introduce to small companies the Navy’s “cool” problems and many pathways to bringing the service solutions, said Staples.
Small business is the innovation engine of the economy, according to Staples, and if the Navy doesn’t find a way to work that into cyber capability, it will be a strategic risk in cyberwarfare.
The other component to this effort and exercise involves a public facing debate about being a democratic and cyber-strong nation, Staples said, adding that there is talk over what a U.S. Navy that both ensures freedom of maritime navigation and cybersecurity would look like.
In terms of what the hack-athon effort might bode for the future Navy, Staples said the service won’t stand up its own digital service like the Army. Hack the Machine is not a bug bounty program like Hack the Pentagon — run by the Defense Digital Service — and Hack the Army — run by the Army Digital Service — or the most recent effort, Hack the Air Force, all of which focused on discovering vulnerabilities on public-facing websites.
Rather, Staples said, the Navy wants to ensure safety of the seas and safe passage. While the Army has typically established corps to address emerging problems — the Army Air Corps during World War II, which was the Air Force’s predecessor organization, for example — Staples said that is not the Navy’s model.
“How do you do anomaly detection in maritime network traffic? how do we look at alternatives to GPS?” Staples said. One of the challenges following the hack-athons, Staples said, is that after the Navy collects event insights, it must figure out a way to organize itself to get at military-relevant outcomes.
The service continues to wrestle with this, he said.
The next step for the Hack the Machine effort will be a continuation of similar events in other technology hubs around the nation to cultivate talent and spread the word about “cool” Navy problems.