Washington, DC - Capt. Kris Kearton, director of U.S. Fleet Cyber Command's (FCC) Office of Compliance and Assessment, spoke about Command Cyber Operational Readiness Inspections (CCORI) alongside officials from Joint Force Headquarters - Department of Defense Information Networks (JFHQ-DODIN) during TechNet Cyber 2019 at the Baltimore Convention Center, May 15.
The panel focused on the transition from the compliance-based Command Cyber Readiness Inspection (CCRI) to CCORI’s mission-based, threat-focused, operational risk approach.
Joining Kearton in the discussion were Army Lt. Col. Claudia Henderson, division chief of intelligence plans/exercises, JFHQ-DODIN; Dr. James Matlock, director of DODIN Readiness and Security Inspection (DRSI), JFHQ-DODIN; and Todd Wilkinson, cyberspace operations planner and assessment analyst, JFHQ-DODIN.
The panelists spoke about how CCORIs modify and improve upon CCRI inspections by assessing risk to an operational mission through evaluation of threats to and vulnerabilities found within information systems, networks, applications and data.
Kearton spoke about how, unlike the older cyber inspections, CCORI enables various groups to start talking a similar language – risk.
“Under the old CCRI compliance-based inspection, it was difficult to understand the impact of vulnerabilities on the network much less prioritize their fix actions,” said Kearton. “By starting with a common operational risk lexicon, we allow leadership at all levels to talk about how to reduce the cyber risks that support mission.”
FCC conducted its first CCORI as a cyber service component in the summer of 2017. Kearton said that inspection was done from start to finish with minimal oversight from the Defense Information Systems Agency (DISA) and JFHQ-DODIN.
“When we first did a pilot for CCORI and saw how all the elements of this inspection combine and assess risk to mission, it became pretty clear that this was something the Navy should,” said Kearton.
Kearton added that the CCORI process allows the Navy to synchronize and align all cyber assessments and inspections to ensure the best use of limited resources and maximize their effectiveness.
“We are looking at the larger networks and the commands that use them in order to better understand the operational risk they incur by using that network,” he said. “That gives us a lot more coverage and context than inspecting an individual site.”
TechNet Cyber is a staging area for military, industry and academia to discuss and plan how to achieve persistent engagement, persistent presence and persistent innovation.
FCC is responsible for Navy information network operations, offensive and defensive cyberspace operations, space operations and signals intelligence. Comprised of over 14,000 Sailors, Reservists and civilians stationed across the world, C10F is the operational arm of FCC and executes its mission through a task force structure similar to other warfare commanders.