Information Systems Security Program

The Information Systems Security Program (ISSP) is a Navy initiative under Program Element (PE) 0303140N, focused on ensuring the protection of Navy and Navy-hosted joint telecommunication and information technology systems from cyber exploitation and attack. The program's overarching goals are to extend cybersecurity across Navy networks, systems, and data, ensuring confidentiality, integrity, and availability through acquisition, modernization, and sustainment of cybersecurity platforms.

ISSP supports both defensive and offensive cyberspace operations, risk management, and rapid adaptation to emerging threats. There is particular emphasis on protecting National Security Systems (NSS), naval weapons systems, and critical infrastructure for Command, Control, Communications, Computers, & Intelligence (C4I) afloat and ashore.

Communications Security R&D is the largest line item within ISSP, with objectives centered on modernizing cryptographic equipment and developing advanced communications security (COMSEC) and transmission security (TRANSEC) solutions. This project includes the integration of National Security Agency (NSA)-approved cryptographic engines, content-based encryption, and the transition from legacy devices to embedded modules.

Key sub-programs include Computer Network Defense (CND), which provides hardware, software, and processes for detecting and mitigating cyber attacks; Navy Cryptography, which modernizes legacy cryptographic devices to meet NSA mandates; Key Management, which develops infrastructure for secure distribution of cryptographic material; Public Key Infrastructure (PKI), ensuring secure authentication and access for Navy users; SHARKCAGE, a platform for attack sensing and warning; and Navy Cyber Situational Awareness (NCSA), which delivers real-time visualization of network health and cyber risk to commanders.

Information Assurance focuses on research, development, and evaluation of technologies to improve the resilience and survivability of Navy information systems against adversarial attacks. The project supports the triad of defense information operations: protection, detection, and reaction, with an emphasis on supporting distributed maritime operations and network-centric warfare.

Specific objectives include developing secure, interoperable operational environments, improving network infrastructure resistance, enabling rapid certification of security-aware applications, and measuring the effectiveness of defensive capabilities. The program also develops architectural frameworks for seamless integration of security technologies, situational awareness tools, and secure coalition data exchange across varying security levels.

Cybersecurity Engineering funds the SABER and HAVEN efforts, which are focused on shipboard and afloat cybersecurity solutions. SABER involves the research, design, development, testing, and installation of cybersecurity defenses for integrated shipboard networks, including Hull Mechanical and Electrical (HM&E), navigation, combat, fire control, sonar, radar, and communications systems.

SABER provides network boundary defense and situational awareness to detect and counter both external and internal threats. HAVEN is a secure, resilient operating environment that supports rapid software deployment and system restoration, serving as the hosting platform for SABER and potentially other Navy cybersecurity applications.

Each sub-program within ISSP has distinct technical and acquisition strategies. CND employs an evolutionary acquisition approach, continuously modernizing and refreshing cybersecurity tools for Navy tactical networks. Navy Cryptography follows NSA guidance for mandated software upgrades and device replacement, while Key Management Infrastructure uses agile and DevSecOps strategies for capability development.

PKI is a joint NSA and Defense Information Systems Agency (DISA) effort, supporting secure access across Navy and DoD networks. SHARKCAGE and NCSA leverage commercial and government off-the-shelf technologies, with agile software enhancement processes to address evolving cyber situational awareness requirements.

Planned accomplishments for FY 2026 include continued technical refreshes and capability upgrades for CND subsystems, further virtualization of CND capabilities, and enhancements to continuity of operations. Navy Cryptography will proceed with CM2 compliant product procurements and modernization strategies, while Key Management will advance user acceptance and operational verification testing for new releases.

SHARKCAGE will integrate new mission requirements and enhance detection capabilities, and NCSA will expand access to cyber data and deliver improved readiness metrics. Information Assurance will continue to develop tools for cloud application trust, collateral damage reduction, secure communications, and autonomous cyber operations, with a focus on supporting operational technology for defense critical infrastructure.

The ISSP budget supports a broad spectrum of cybersecurity research, development, test, and evaluation activities, involving multiple Navy research centers, contractors, and federal partners. The program's objectives are driven by the increasing complexity of cyber threats, the need for resilient and adaptive defenses, and statutory mandates for cryptographic modernization and secure information assurance. The FY 2026 budget realignment and increases reflect the maturation of cyber defense capabilities, integration of advanced technologies, and ongoing support for Navy mission requirements in a rapidly evolving cyber environment.