Military Embedded Systems

Navy launches CCORI program, begins risk assessment and cyber readiness inspection


June 06, 2018

Mariana Iriarte

Technology Editor

Military Embedded Systems

U.S. Navy photo by Mass Communication Specialist Samuel Souvannason

FORT GEORGE G. MEADE, Md. U.S. Navy officials announced that the U.S. Fleet Cyber Command's (FCC) Office of Compliance and Assessment (OCA) is launching its Command Cyber Operational Readiness Inspections (CCORI) program. This marks the first time type of inspection will be directed and conducted by the Navy as service cyber component of U.S. Cyber Command.

Navy officials explain the CCORI program is fundamentally different from previous Command Cyber Readiness Inspections (CCRIs). This new inspection program is mission-based, threat-focused, and operationally relevant. It assesses risk to organizational mission by evaluating threats to, and vulnerabilities found within information systems, networks, applications, and data.

According to Defense Information Systems Agency (DISA) documents, CCORI focuses on providing combatant commands and federal agencies with a greater understanding of the operational risk their missions face because of their cybersecurity posture. CCORIS were previously only conducted by the Joint Forces Headquarters-Department of Defense Information Networks (JFHQ-DODIN). The FCC OCA now conducts Navy CCORIs and CCRIs from start to finish.

"This is a milestone accomplishment for OCA and the Navy as we continue to mature this inspection process by building agile cyber inspection teams," Capt. Kristian P. Kearton, OCA director says. "Navy CCORIs identify real-world risk by discovering vulnerabilities as they relate to mission-critical systems."

A CCORI team consists of two dozen personnel, divided into three teams, including the OCA inspection team, supporting commands and site trusted agents. The Mission Element provides an assessment of the impact to the organization's mission if critical systems are compromised, the Vulnerability Element identifies technical and non-technical vulnerabilities, and the Threat Element assesses external, internal, and insider attack vectors based on the identified vulnerabilities.

"CCORIs provide unit commanders with the risks to their missions based on the network's current state of cybersecurity," says Cmdr. James Brown, OCA Mission Support and Inspection Team OIC. "They also provide JFHQ-DODIN and U.S. Cyber Command Commanders the level of risk that unit's cybersecurity is to the DODIN."

Since its establishment, FCC/C10F has grown into an operational force composed of more than 16,000 active and Reserve Sailors and civilians organized into 26 active commands, 40 Cyber Mission Force units, and 26 reserve commands around the globe. FCC serves as the Navy component command to U.S. Strategic Command and U.S. Cyber Command, and the Navy's Service Cryptologic Component commander under the National Security Agency/Central Security Service. C10F, the operational arm of FCC, executes its mission through a task force structure similar to other warfare commanders. In this role, C10F provides support of Navy and joint missions in cyber/networks, cryptologic/signals intelligence and space.