After several breaches, Navy picks new CIO of cybersecurity
Caitlin M. Kenney
Stars and Stripes
Aaron Weis on Thursday was named the Navy’s new chief information officer as the service looks to clamp down on leaks in its cybersecurity following several breaches that resulted in the loss of classified and sensitive information.
The breaches forced Navy Secretary Richard Spencer to order a service cybersecurity review. The results, which were released in March, raised a series of concerns, including how the Navy is organized to respond to cybersecurity issues and threats, and the vulnerabilities to its industrial base, such as its suppliers.
Now with Weis in place, one of his first tasks will be to develop a strategy for the information management of the Navy and to start prioritizing the biggest risks to the service, according to Navy Undersecretary Thomas Modly.
Before Weis was chosen as the Navy’s CIO, he was the senior adviser to the Defense Department’s chief information officer. His work included programs such as the Joint Artificial Intelligence Center and the Enterprise Cloud, according to his Defense Department biography.
Before joining the Defense Department, Weis has previously worked in the private sector for large corporations including Axalta Coating Systems, Tyco International and Siemens. Weis, 49, earned a master’s degree in business administration from Villanova University and a Bachelor of Arts degree from the University of Illinois.
Weis was hired by the Navy’s leadership because of his “sustained superior performance to lead at the Fortune 500 level with demonstrated results,” as well as his work at the Pentagon for more than a year that included helping to “shepherd the DoD CIO Defense Cloud Strategy,” a Navy spokesman said Thursday.
Until now, the CIO’s responsibilities have been undertaken by Modly. The Navy wanted to make certain that the CIO position stayed elevated within the Navy’s leadership, Modly said Aug. 19 during a discussion about the position with reporters at the Pentagon.
Weis also will serve as the principal staff assistant for the Navy secretary on information technology management, digital, data, and cyber strategy. The new position will oversee the department’s cybersecurity and information management and Weis will report directly to Modly and Spencer.
Weis’ new office will consist of two military deputies, one from the Navy and the other from the Marines Corps, and underneath will be four directorates — technology, data, digital information, and information security. Each directorate will be led by a chief officer. They will be located in the “E” ring, where executive offices are located in the Pentagon, in order to demonstrate its critical mission to the department, Modly said.
Changing the culture around cybersecurity is one of the Navy’s biggest challenges, he said.
“A lot of this is not technical. Rather it’s basic things like cyber hygiene that are not well enforced across the department that are causing a lot of these breaches,” Modly said.
This culture change applies not only to sailors and Marines but also to the Navy’s suppliers.
“[Suppliers] need to get on board with us because it’s been shown that it’s been very easy for our adversaries to hack into our systems, into our weapons programs through those second- and third-tier suppliers,” Modly said.
The Navy’s defense industrial base is one area where for years “global competitors and adversaries” have gone after “critical contractor systems with impunity,” according to the cyber review.
“They are relentlessly hacking into our systems, and I mean the Chinese, the Iranians, the Russians…and they’re trying to come at us in every possible way that they can,” Modly said.
©2019 the Stars and Stripes
Visit the Stars and Stripes at www.stripes.com
Distributed by Tribune Content Agency, LLC.