IMPORTANCE OF USER CYBERSECURITY RESPONSIBILITIES:
R 252109Z FEB 22 MID200001508684U
FM CNO WASHINGTON DC
INFO CNO WASHINGTON DC
MSGID/NAVADMIN/CNO WASHINGTON DC/N2N6/FEB//
SUBJ/IMPORTANCE OF USER CYBERSECURITY RESPONSIBILITIES//
NARR/REF A IS THE DEPUTY SECRETARY OF DEFENSE MEMORANDUM ON THE IMPORTANCE OF
MAINTAINING CYBER AWARENESS.
REF B IS THE CHIEF OF NAVAL OPERATIONS NAVIGATION PLAN ON THE NAVY'S
STRATEGIC DIRECTION AND LONG-TERM COMPETITION
WITH CHINA AND RUSSIA.
REF C IS NAVADMIN 216/21, OCTOBER 2021 CYBERSECURITY AWARENESS MONTH.
REF D IS NAVADMIN 244/21, FISCAL YEAR 2022 CYBERSECURITY AWARENESS
RMKS/1. Adversaries of our nation are constantly working to find and exploit
our vulnerabilities. We MUST exercise good cybersecurity habits at work and
at home to protect the Department of Defense (DoD) against cyberattacks.
2. Cyberattacks against businesses and U.S. infrastructure are increasing in
frequency and complexity. DoD and federal law enforcement report adversary
interest in our remote work infrastructure. This means that you are a target
- for your access and your information.
3. Over the past two years, the Navy has modernized and extended the reach
of our information technology outside traditional security boundaries. As we
provide access to more capabilities in more places, every member of the Navy
team must play an active part in our cyberspace defense. This boils down to
a. You MUST follow policy. You signed the Navy Acceptable Use Policy
and completed your annual cyber awareness challenge. You know what is and is
not allowed on our networks. Those rules exist for a reason - to protect you
and to protect the network - follow them.
b. You MUST report. When something does not look right, report it. If
someone is trying to do something that is not right, report it. Do NOT
accept that "this is just the way things are" or "this is not a big
deal." Your Information Systems Security Manager and our cybersecurity
professionals are responsible for determining where the reporting stops.
4. We have seen adversaries exploit policy transgressions on Navy and
private home networks by:
a. Stealing or guessing weak, non-unique, or overused credentials and
b. Downloading and unknowingly installing malware embedded within
documents like evaluations, fitness reports, and pay tables from unofficial
websites and sources.
c. Posing as fellow service members, patriotic military supporters, and
veterans to dupe you into revealing sensitive and sometimes classified
information or inadvertently download malware.
5. Each of these incidents cost time and resources to address and put our
Sailors and our national maritime sustainment and capabilities at risk. Do
your part - be cyber smart and protect Navy data and systems.
6. With heightened tensions throughout the world, ensure your team
understands how the actions of a single user can impact our global
force. Take time at quarters or your next staff meeting to discuss why
vigilance by everyone will make the difference between our continued mission
success and our failure to meet the tasking of our nation. Every one of us
is crucial to our cyberspace defense.
7. Released by VADM Jeffrey E. Trussler, Deputy Chief of Naval Operations
for Information Warfare, OPNAV N2N6.//