Chris Cleary, the Department of the Navy’s principal cyber adviser, is departing his role next month, he confirmed to DefenseScoop, as his three-year term comes to a close.
Cleary was the Navy’s first-ever PCA as Congress mandated in the 2020 defense policy bill that each service create such a role to provide insights on recruitment, training and readiness of cyber forces and acquisition of offensive and defensive cyber capabilities, among others.
Cleary, whose last day on the job is Nov. 21, told DefenseScoop that he enjoyed his experience as the Navy’s PCA and wished he could stay longer, but as the position is outlined currently, it was not allowed to be extended — something he knew going into the job.
However, that timetable may change in the future for top cyber advisers, he said, noting that he hopes his replacement is able to stay in the role longer than he did, given there needs to be more continuity to oversee change — especially on the civilian side.
“There is something to be said for having established the PCA billet and needing to understand it has to continue over time. The next person who comes in here, I hope, stays longer than three years, because for cyber to be successful, it really needs somebody in the seat that can spanned over the traditional sort of three-year [Office of the Chief of Naval Operations] tours,” he said during a call Tuesday.
Uniformed service members typically rotate in and out of jobs every couple of years, but one of the benefits of having DOD civilians is they can generally stay longer, which brings with it a sense of institutional knowledge, Cleary said. That allows for personnel to ensure policies and initiatives are set.
“There is something to be said for coming to these jobs and having some longevity to it,” he said. “For as quickly as cyber changes, a lot of things [we] are going to do are going to take a long time to get established. And this is not one of those things you can change your mind every three years.”
Reflecting on his time as a top adviser, Cleary said he is proud of the Navy’s Cyberspace Superiority Vision, published last October, which essentially laid out a paradigm shift in the way the service articulates cyber through the mantra “secure, survive, strike.”
The word “security” follows the word “cyber” almost 99 percent of the time, Cleary stated, adding that for the vast majority of the world, that’s apt. However, the Navy, as a warfighting organization, must be positioned to fight — and the term “cybersecurity” typically conjures discussions around IT such as zero trust, identity management and the like.
“What I’m trying to emphasize through the Cyberspace Superiority Vision is this is a warfighting function. It goes well beyond cybersecurity,” Cleary said. “That was kind of what the superiority doctrine was really about, was to take the whole subject of cyber, everything from security to warfighting and make it a topic of conversation and ensure that just wasn’t a zero-trust conversation.”
The Navy has always sought to secure networks, but Cleary noted that he’s especially proud of the work that’s been done to elevate operational technology within the department. It’s now something that’s discussed within the E Ring at the Pentagon whereas three or four years ago, OT or defense of critical infrastructure discussions wouldn’t have made it out of niche offices.
Now, the Navy acknowledges it needs to focus on defense of critical infrastructure just as much as ships, planes or submarines, Cleary said, predicting more resources will be rolling into that in 2025 and 2026.
The paradigm shift has really come on the survive-and-strike portion of the vision. Cleary has spoken in the past about the need to “fight hurt,” noting that warships are meant to withstand damage from attacks, but IT systems are not thought of in the same vein. Digital capabilities must be designed to fight through attacks just as physical platforms are.
When it comes to offensive strike, Cleary has sought to speak more openly about the fact that the Navy, as a warfighting organization, will use cyber weapons against adversaries.
“The strike piece of it, hey, this is what we do. Right? This is our business. Most of the things that you see in the Navy are platforms that are designed to deliver lethality. It should be no surprise that we are developing capabilities in the non-kinetic space to do those similar things,” he told DefenseScoop. “Now, we’re not going to tell you how they work. Just like I’m not going to tell you how a nuclear power plant on a submarine works. Right? But you know what’s out there. You know it exists … We’re not going to tell you how we’re going to do some of our cyber stuff, but to begin to talk a little more openly about the fact that cyber is a means and methods of warfare that we’re going to professionalize in which would allude to building capability to do those things, that shouldn’t be a surprise to anybody.”
It’s important for the Navy to acknowledge that cyber is not only a domain of warfare, but a core competency for it as a military service, he suggested.
Cleary noted that he’s passionate about the cyber mission and plans to continue to champion the Navy’s needs from the private sector, adding that he’d like to leave the door open to coming back into government in the next few years.