I am going to talk about the shipyards. But before I do I’d like to really talk about the thing that’s probably first and foremost on my mind and on the mind of my leadership team, and that is the cyber challenges which are associated with the control systems that NAVSEA is responsible for putting on all of our ships. And that’s a little different context than what you read about in the newspaper. What you read about in the newspaper is almost all about information systems. The things that you get your email on and the place where you store your bank information. Those are really important, and those are getting most of the money and most of the attention as you look across the Navy and across the services of the Department of Defense. Well, what I’m going to be talking about is controls systems, and controls systems are different.
The National Institute of Standards laid this out pretty clearlyInformation systems deliver information, and if the information’s not there, it’s a bad day. Controls systems control things like big machines, in our case, like guns and missiles and things that kill people. If those go wrong, there’s a chance that people could die or really, really bad things would happen. And so controls systems are different in that context and you can’t just do what you do for your IT systems on your controls systems.
Controls systems are a tremendous challenge for us and something that we’ve got to take on. I believe that it was serious enough, that the business plan that I wrote when I came into the job, I rewrote it, and reissued it with a whole pillar about cybersecurity. And cybersecurity, about the systems on board then ship that NAVSEA is specifically responsible for, that’s the controls side.
I am very interested in industries’ input on this, because if we think about it, we realize that a lot of the companies that are represented here and many of the other companies, have things they’re doing in this space, in the cybersecurity space, particularly related to controls systems. So we are having an industry day there at NAVSEA headquarters. And we’ve asked people who know things about controls systems, cybersecurity to come in, so we can lay out a broad plan that we’ve got in place and start to get some feedback from industry about that. This is a little different than buying a new network and making sure that network is cyber secure, because our controls systems are interweaved into everything we build. It’s interwoven into the radar system and into the missile controls system. The electronic cut-outs for the guns, the primary logic controllers on the gas turbines and diesel generators. And because of that complexity, this isn’t just for the IT companies.
I went through the invitation list for the cybersecurity industry day earlier and I asked where are my shipbuilders? My shipbuilders buy, in many cases, particularly in the services ships, buy the controls system off a commercial shelf for us. You all need to know where it is we’re headed and how we’re intending to do that. So you’ll get a call, you shipbuilders out there, you’ll get a call inviting you to come join us next Friday. I’m very, very interested in your inputs on that. And also, if you’re in the combat system realm, which many of you are, that’s another area where we specifically have to go at that. We have created a number of changes inside the NAVSEA life lines and address this.
First and foremost, I had to significantly up gun my CIO, my Chief Information Officer. That billet head had traditionally been a GS-15 and was about networks and was about keeping the Admiral’s NMCI running. That was not good enough. We now have a senior executive as a CIO. We are hiring up. We are almost to our expected end strength, and that includes people capable of running major automated information system acquisitions. It turns out we have to go renew the scheduling and work control system that we run our public shipyards with. You guys have gone
through this, I know in the front row. It’s 17-18 years old and it is
not securable in any way. So we have lots of work to do on that.
Other changes we made, the Center of Excellence for Machinery Controls, of course, is what was formally NAVSSES Philly.
NAVSSES Philly was a subordinate to the Naval Surface Warfare Center Carderock Division. We have moved Philadelphia back to Echelon IV. It is now Naval Surface Warfare Center Philadelphia Division. And it has a specific mission, to help us neck down the number of machinery control systems we have in the Navy and make those systems cyber securable; design in that cyber security from the beginning. So that transition took place on the 1st of October, and there’s an advertisement out to select a senior executive as the executive director of Philadelphia. If you’ve never been to Philly, we have a mockup of the engine room of almost every surface combatant in the Force, with the machinery control system. Not a mockup, but an actual functioning control system.
Our intent is to use that as our laboratory where we’ll go check ourselves to make sure that our controls systems are secure and that when we need to patch, that we can test it on a functional system without having to test it on a system that’s out operating. The worst of all worlds is you go patch your machinery control system, and the gas turbine shuts down, because you change some digit in the direction down towards the primary logic controllers. Dahlgren has always been our center of excellence for AEGIS and surface weapons systems. Dahlgren will be the place you go to for surface combat systems security, and that includes both the AEGIS line, the SSDS line, and then the ultimate LCS combat system. NUWC, of course, for our submarine combat systems.
And we’ve asked SSC Atlantic, which is a SPAWAR activity, to lead us in our navigation networks, which as it turns out, we created a network to do navigation onboard the ship. Whether we should’ve done that or not is a whole other question. But in order to help get it to the point where we can say it is notionally secure, there’s a lot of work to be done. And that work will predominantly be done down at SSC LANT.
The cyber initiative that we got has a temporal part. The temporal part is that there’s time involved and of course, money, which will, by definition, meter our level of effort. But I think of it in three pretty simple bins. The very first, and what most cyber experts will tell you, is that you can get 95% of your cybersecurity by just operating the system you’ve got the way it was supposed to. I call that cyber hygiene, it’s very straight forward, right? If you have the default password, and the default admin name in, at the fifth level administrator, that’s a really bad thing. But it turns out like 30% of them are set to the original factory delivered. So if you go buy the online hacker tools, that you can just go buy off the internet, it’ll go test that first. And then even a hacker who doesn’t know anything gets into your system. The other one is very, very simple things. An open USB port on a maintenance laptop. If that maintenance laptop is plugged into an outlet on the ship, and it’s near a hatch or top-side, a Sailor will plug his phone in so he can get a text from his wife and charge his phone, it’s guaranteed. That is an insider threat. That cell phone is a pathway directly into your machine control system. So that’s cyber hygiene.
So get out your hot glue gun and fill that port with hot glue. That’s a very cost effective solution to that sort of a problem. Yeah, sometimes it really is that simple. Another one is Sailor alterations or captain alterations. Every captain wants to have that display in his stateroom that’s the combat system that shows up on the TV he watches his movie on. So there’s that Ethernet cable that runs over the CO’s door, plugs us both in. That is absolutely not acceptable anymore. That configuration of those electronic systems will have to be known, and we don’t know it very well. We know it very well on some ships, we don’t know it very well on others. And it has to be maintained and policed. That is absolutely low-cost, relatively easy to do, we just have to get on it. So, first and foremost is a cyber hygiene initiative. And so we’ve issued our first, sort of cyber hygiene manual for sailors to use. Hey, when you’re going around your ship, look for the following things. And you know, it goes down those lists. It also goes to my maintenance activities to go make sure that we’re on alert for that.
The second area is really the far future. Some of you heard me say this. In 30 years, we can change everything about our Navy, and it’s in the budget range. We build 10 ships a year, they last about 30 years. In 30 years, you completely replace the whole fleet, a couple of exceptions, maybe an aircraft carrier or two. But in the main, you can do it all. So start building today, cybersecurable ships. That means we’ve got to understand what that means. We’ve got to design a broad architecture, have a broad outline of how those systems will be laid out and what hooks need to be in them to make them cyber secure. We’re in the business of doing that right now. We’re writing a set of specs and standards with SPAWAR and NAVAIR to build it cyber secure, so then I can give you and your contracts the things that you’re building for the future, the hooks necessary to make it cyber securable.
Broadly, to describe that philosophy I use the flooding analogy, some of you heard me do this one. It works for me, so I’ll try it, see if it works for you. When we talk about flooding in submarines we talk about flooding and recoverability, right? You do everything you can to keep the water out, but then assume the water’s coming in, and then you’ve got to be able to recover from it. So that thought process is very much like cybersecurity. If you think you’re un-hackable, look inside your system, someone’s in there running around, right? That’s the sort of definition of this space. And so, you need protection and you need recoverability. The way we think to do that is to basically create water-tight compartments, cyber-tight compartments, create enclaves that have defined connection points, just a few connection points between the ship’s LAN and the combat system, maybe only one, between the navigation system and combat, between machinery controls and navigation, those sort of things. Understand and control and only connect them if you absolutely have to, and connect them through a water-tight door for lack of a better word, a boundary defense capability. So we’re out looking for those boundary defenses. Now, it’s not just a big check valve or a big gate valve, it’s a valve that also looks both directions and says, is everything running right on that side? Is everything running right on that side? So I can imagine a day when there’ll be a threat to primary logic control of a gas turbine. And I’ll get a note that’ll say, set cyber zebra on all of the DDGs. And we’ll signal those boundary defense capabilities and they’ll lock down share controls from the rest of the ship. So now you’ve got to think about when you design the ship, machine controls have got to run standalone. And the ship’s got to still be able to fight. Same things with the combat systems, got to be able to run standalone. It’s got to still be able to fight. You want to connect them together to get the maximum war
fighting effectiveness. When you’re in a cyber safe condition, everything’s connected and it’s all working. When you’re under threat or you know you’re under attack, you might have to set cyber zebra or something like a circle zebra, where you can only communicate every couple of hours or only under certain conditions. But that is the broad
outline. So enclaves, securable enclaves, minimize the interconnection points, and control those interconnection points explicitly.
That’s the broad outlines of it, obviously there’s a lot more work to be done on that.
We’ll start to layout the thoughts on that strategy at our industry day. And of course, I’ll hear from many of you as a result of this and I very much look forward to that conversation. So once we create that future state, then where do I spend the next dollar?
On today’s ships, right? So the 280 ships we got today have vulnerabilities. What is the first one you should address with the dollars I have? Building those boundary defenses where we’ve invested the initial dollars. Combat systems first, because they’re the most important for keeping the ship fighting. But machinery controls is right behind it, because if there’s no generators running, there’s no combat system, right? If the screw stops turning, you’re not going to be doing a lot of fighting. So those are sort of the first efforts, reducing the number of interconnection points, and controlling them very carefully, is really the other place where we’re going to go and spend some money. And that’s a pretty difficult set of conversations. Because we connected things because we could, not because we should.
I’ll use an example. In the old days, you had two servos. You connect them with a twisted pair, and you know when you turn the wheel over, the rudder would move a corresponding amount. Well, we made this servo, has its own logic controller and thing on the bridge is just a rheostat that changes the voltage. Well, you can give them both IP addresses and connect them to a LAN, they find each other automatically. I don’t need to run another piece of fiber. That means whatever’s on that LAN can go mess with the rudder. That’s really bad, right? So we should now run that twisted pair again. Let’s run unique fiber. Those things are relatively easy when you’re building a ship, and really not that expensive even when you’re modernizing it. Go make those things explicit. Understand why we connect it. Make sure we connected things because we should, not because we could. And so that’s the broad outlines of the cyber initiative. I know there’ll likely be a couple of questions on it.
So now, I’ll get into the shipyards. Get all settled in now, you can go and get your nap in. The Public shipyards are a very interesting beast. As I came into the job, I assessed that we were undermanned and it was pretty obvious as the schedules of all the availabilities we had were starting to creep right. And we started to impact aircraft carrier deployment schedules and made the newspapers. That was a particularly bad day for me. And we haven’t delivered an SSN on time, other than in Portsmouth, in quite a while. And that’s something we’re going to work to fix. A couple of market forces got us to that point. We had a growing workload for our nuclear ships and we didn’t recognize it. We didn’t acknowledge to ourselves that we were coming into a period where we were refueling the Ohio Class and kind of got out of the refueling business. We started refueling Ohio and in about 2006 or 2007, we sort of achieved a steady stage 4 refuelings in the shipyards simultaneously.
The 688s, and remember, we hollowed out the beginnings of the 688 class with early decommissioning, we built them at three and four a year and they started coming into the yards in about 2010 in three and four per year for their second major availability. And now we’re doing three and four of those a year. Those two trend lines go on now through about 2020, and then we’re done.
The last Ohio refuels, the last 688 goes through EOH. And that workload drops back off. But that’s a peak that is true. And until we actually said it out loud, there was some denial about it. And the last one is, we didn’t achieve the 11 nuclear aircraft carrier force until the delivery of the BUSH. We were still building up the nuclear aircraft carrier force structure. So those drove the workload up. At the same time we got a lot of budget pressure as the 2011-2012 timeframe came. We’re going to take some risk, we’re going to assume some efficiency as workloads grow. So we are officially constrained, the hiring. And then we froze hiring as a result of the sequester, and didn’t get rehiring again for about nine months. I was almost 3,000 people behind at that point. And since that moment when we started hiring again, almost 5,000 people into the public shipyards, which are only 33,000. That’s a level of turnover we have not seen in a very, very long time in the public yards, and presents both a challenge and an opportunity. I’m actually going to get to some innovation. If you can believe it, I’m going to get to innovation in the public shipyards. So the opportunities for innovation were both on training and really on technology. I’ll take those in order. In the old days, an apprentice mechanic would go alongside a journeyman mechanic and stay with him for a couple of years. Eventually the journeyman mechanic would say the apprentice is good enough, and he’d be put on the line. And the guy would go to work. That’s not just going to be adequate for that level of training that we set up ourselves for. And so we told the shipyards to innovate, go figure out ways to train better.
The best story, and some of you know my history with ASDS, this is actually my favorite one. I saw the ASDS a couple of weeks ago at Pearl Harbor Naval Shipyard. So the old hull, after the fire, was stripped down and painted white, and it sat around a while. Eventually it made it to the Defense Reutilization Office. The Pearl guys saw it and turned it into a rigging simulator. It’s got four hatches, got a constrained space, they wired it with some cameras, put in some speakers and stuff, rigging points. They make the young apprentice riggers rig pumps and valves in and across and around the ASDS. They let them do it by themselves. Got the cameras in there and safety people. That’s real learning. They’re turning apprentice riggers into journeyman riggers, very, very quickly with that kind of a thought process.
You go over to Portsmouth Naval Shipyard, they asked Puget Naval Shipyard if they had a couple of old tanks. They cut some old tanks out of a decommissioned ship and shipped them to Portsmouth. Portsmouth set them up as a training place. And a brand new painter goes in there and has to blast the tank clean, paint it, apply the coatings, and he can do that all, really without any supervision. Training people are there. In eight weeks, they’re taking an apprentice painter and putting him on a ship, actually functioning as a qualified painter, really very, very impressive. Norfolk and Puget have a bigger problem, with a large apprentice school. There is a lot of innovation going on with the apprentice schools, I know I’ve seen it with the shipbuilders and that’s going on in our shipyards as well.
Changing the way we train, talking to the educators. We used to send them first to get their trade, then we’d send them to school. We figured out they were failing out of school, that didn’t work. Put them in school first, they weren’t good enough trade. So there’s lot of experimentation going on in the mix of trade training and classroom training, with the goal to have the apprentices on the deck helping within a few months of checking into the apprentice school. Of course, when you put your mind to doing something like that, you could make it happen. And that’s going on in both places.
The last one I think is pretty good, is we used to bring on an apprentice and say, okay, what are you going to be? I want to be a pipefitter. Okay, you’re a pipefitter. And you would try and fit that person into being a pipefitter, right? Didn’t always work, didn’t always have the physical skills. I think of this as, if any of your kids have ever read the Harry Potter books, the sorting hat, right? Okay, you’re not going to be a pipefitter okay. You couldn’t fit those pieces together. How about, let’s try electrician, right. I teach you a little bit about electricity. Give you a welding torch, let you try some welding. Go work to find out what they’re good at.
Interestingly, we’re not getting as many kids that have, that come in with some physical skills that they got from their parents or they got from a job. So you actually have to do that kind of thought process about it.
The part I’m actually most excited about is our ability to our warfare centers to deliver new technologies to our shipyards. I’m running one of the largest industrial activities in the country, you know, 33,000 people doing ship repair, and not a dollar of R&D for innovation in the shipyards. So I looked around my world and I wondered whether OPNAV would give me any R&D. I assumed that was no. I told my warfare centers, my NAVSEA warfare centers to partner with a shipyard, use some of their R&D, because they’re allowed to tax their R&D and use a little bit of it for their own innovative things. And they’ve gone out and done that. We’ve already transitioned a couple of things. The laser cladding stuff was where we got the idea. So most of the laser cladding work had been done at Keyport, transitioned into Pearl, and into Puget, now everybody’s using the laser cladding rigs. Another one is additive manufacturing, and again this is one of the areas where Keyport’s really exceptional. Additive manufacture a pump for training, a full pump with all the components so that the guys can train on a fake pump before they go down to the real pump. But have it be cheap, easy to produce, and you can always make another one. They messed that one up, just go and manufacture another one in the 3-D manufacturing. They’re also used in the three-dimensional tools. Model at dry dock. Model the ship. Create the three-dimensional models with a printer, and let the team plan the dry docking with everything represented, including where the stern plane hits the sidewall and where the float goes and all this sort of stuff. They also did it with a sail. They took the SSBN sail. Modeled it with the three-dimensional tools, and then mapped out the best use of the cranes to get the sail depopulated. That’s all going extremely well. And then Keyport can actually make a casting, make a mold from a three-dimensional model that can be given to a forge and turn it immediately into a forge.So you take a three-dimensional and turn it into a forge. I know that’s going on some in the construction yards, but we’ve been able to turn that on a repair, especially for something that’s supposed to be on the shelf that’s not. Pretty quick turn and you’re in business. The warfare centers have a long list of other things, some of you are involved in these. Terahertz imaging, to go look through the SHT, the Special Hull Treatment to see the steel, is there rust and is there cracks? And you can sign off all the URO 3 inspections and all the rust inspections. Actually, we’re removing the SHT. Wouldn’t that be nice? We’d stop taking that SHT off. When you do have to take the SHT off, there’s a lot better ways than the chisel and the hammers that we’ve been using as it turns out. We have a couple of those ready to transition. One of the teams came up with a bio hat. So you need a tank watch. Put on the hat, you can monitor the heartbeat and the breathing and all the bio-metric parameters through a piece of wearable equipment as opposed to having to check on them every 10 minutes. It seems like there’s something very good there. I’ve seen some of this already.
Exoskeletons. So a skeleton that goes around your body and lets you hold a 60 pound tool for hours and hours and have it be exactly where you need it by just moving your wrist. Of course, we should be doing that. We haven’t been. That’s on its way in. This is one that probably makes everyone least comfortable. The guys from Indian Head came in and said, we can cut 2-inch HY80 with a shaped charge, we can have the hull cut out in about 10 minutes. They laid the charge around, they blew the charge, and the hull cut falls out of the pressure hull. Probably have some work to do on prep for the reinstallation.
My assessment is we still have a lot of work to do. We’ve got to get those 5,000 new hires at the shipyards on the decks and working. We have to do it fast. We’ve got to turn our productivity curve around from one that’s been on the decline to one that’s on an improving trend. We are seeing the initial indications that this is going to bear some fruit, but you’ll judge me based on the delivery of those SSNs, and I hope to delight you in the future. But I think the table’s set for us to produce as we’re expected. This is the Pearl Harbor Naval Shipyard Log. They took the idea of the paint trainer, and they gave the guy virtual reality glasses and wired up his paint gun. And he actually paints virtually, and the machine tells him whether he got the right coating thickness and all that sort of thing. That kind of reps and sets will make a painter proficient very, very quickly without having to actually spend a lot of money. So that’s Pearl Harbor Naval Shipyard. So you should be very proud of them.
Just in closing, let me say that in spite of the travails of the last couple of years, the Navy is in a pretty good place. I give the Navy leadership a lot of credit. The folks that fought for the budgets to get us the ships and get us the ship repair money necessary.
Building the 10 ships and near where we need to be. We’re working down the backlog of maintenance, both on surface ships, aircraft carriers, a little bit on submarines that we accumulated during the 10 or 12 years we overused the fleet in support of the two wars. So in spite of it all, we are pretty positive about where we are. Of course, there’s another budget fight this year, and there’ll be another one next year. I suspect we’ll get through those. Exciting part of the next six months would be to see both FORD and ZUMWALT sail down a river near you. Those are both going to be pretty challenging ships. If you remember, we designed them and committed the technologies at the time where we thought there was going to be a lot of money. Now, of course, those technologies are coming to challenge us as we work to get those ships at sea. But I’m certain that you’ll see them come down the river. And they will set the standard for technology for ships of the future.
I probably used up all my time. Thank you all very much.