At WEST 2026, I asked Chief of Naval Operations ADM Daryl Caudle a question that is of critical importance for those supporting the Department of the Navy and the fighting instructions that will define the next era of Naval supremacy:

“With acquisition reform and speed to the fleet a priority, and a global supply chain. How is the Navy focusing on securing the supply chain and specifically the cyber supply chain?” 

This question was prompted with the push for digital transformation in acquisition focusing on speed to the Fleet for advanced technology, and the global supply chain and specifically the cyber supply chain being a constant target for adversaries to disrupt mission readiness.

Why this question matters right now

ADM Caudle’s keynote made it clear that we’re in an era where “the speed of decision ruthlessly punishes delay.” That is not just a warfighting observation; it’s a direction to everyone connected to the fleet, operators, acquisition leaders, and industry partners alike.

In his prepared WEST remarks, the CNO describes the Navy’s Fighting Instructions as a framework built for an environment defined by great power competition, rapid technological change, and industrial base constraints. He outlines a full-spectrum “Hedge Strategy” intended to avoid a “brittle, single-purpose force” by balancing scalable mass with advanced platforms, and by deliberately managing, rather than pretending to eliminate, risk.

That framing is important for anyone thinking about supply chain security, because it elevates a core idea: Security cannot be minimalized in this push for getting advanced technology to the Fleet, but rather it shall be inculcated into the engineering processes for development, delivery and sustainment, to support speed to the Fleet and not be a blocker to the accelerated acquisition framework,

ADM Caudle’s response: a “fight at speed” mindset with disciplined risk

The CNO’s keynote emphasizes a Navy that must be able to “sense, synthesize, decide, and act fast enough with confidence to achieve Commander’s Intent.” He’s blunt about the conditions of the next conflict: communications disrupted, cyber under attack, and an adversary trying to fracture kill chains and slow decisions.

His answer to that operational reality is not to centralize everything or to make the fleet wait for permission. Instead, he stresses the Enhanced Mission Command Framework and a fleet that prepares to operate as empowered teams with disciplined initiative.

From a supply chain security perspective, I heard three key themes embedded in his response:

  1. Speed is a decisive advantage, not a nice-to-have. The Navy cannot afford slow assurance approaches that don’t scale to the pace of modern software and interconnected systems.
  2. Risk is unavoidable; the goal is informed risk decisions. The Hedge Strategy “buys down risk in some areas” and “shifts risk to others,” and it “unabashedly embraces risk to tip the scales” operationally.
  3. Industry is expected to move fast and iterate aggressively. In his remarks, ADM Caudle explicitly calls on industry partners to “move fast, iterate aggressively, and help us scale these packages at speed.”

That combination, move fast + manage risk + scale with industry, is at the core of what successful and operationalized cyber supply chain risk management provides to our most critical weapon systems and platforms. C-SCRM is a compliance artifact. It is an operational enabler that supports speed to the Fleet, assures mission ready weapon systems at the time of delivery, and provides mission assurance in cyber-contested environments across the life cycle of those systems.

How does a secure supply chain support the Navy fighting Instructions?

When leaders emphasize speed, mission command, and resilience under pressure, supply chain security must be at the root of those decisions not just in design and delivery but throughout the life cycle of our weapon systems and platforms:

1) Continuous visibility, not point-in-time confidence

Modern software changes constantly. Supplier ecosystems shift. Components go through tech refreshes and updates. New vulnerabilities and targeted exploits emerge daily. The security posture the Navy needs isn’t a one-time check in the box of being compliant. It’s a real-time view of the operational environment where we fight, and the current adversarial threats to mission execution within it, and the supporting threat information to inform decisions that maintain our technological edge to fight and win across all areas of operation.

2) Clarity for decision-makers, not noise for analysts

ADM Caudle’s emphasis on commanding with clarity aligns with a supply chain reality: leaders need prioritized, mission-relevant risk signals to stay ahead of the fight. The expanding global supply chain and cyber vulnerabilities across the Fleet can create a lot of white noise, restricting commanders’ ability to focus on what matters and identify the “So-What.” Prioritized risk information and supporting dashboards that clearly outline the risk to the mission are required to provide real-time situational awareness to commanders who need to understand the risk they carry into every fight and how to manage that risk to win.

3) Assurance that supports acquisition reform, not blocks it

If the fleet is moving faster, supply chain assurance must become light-weight, automated, and rapidly scalable to support the digital transformation of the Fleet. Solutions must be integrated into programs and maintained across the life of the systems. As the battlefield and war-fighting capabilities of our adversaries evolve, our weapon systems and platforms must adapt with them through cyber-resilient architecture and continuous monitoring of the risks affecting mission execution to be able to take the fight with the most technologically advanced Navy against our enemies.

How Fortress helps align supply chain security to the Navy’s “speed to fleet” direction

At Fortress, we built our approach around the reality that supply chain risk is not an exercise in compliance to get through a milestone; it is an operational necessity to stay fight and win. The question proposed to the CNO at WEST is the same one that drives our customers and partners across critical infrastructure and the Department of War: How do you balance speed and security in this globally supplied digital transformation for acquisition and sustainment?

Fortress’ Comprehensive, Collaborative and Conclusive C-SCRM solutions are tailored to support that objective:

  • Supplier and third-party risk intelligence to help identify which vendors, components, or dependencies introduce outsized risk to mission delivery, so teams can prioritize effort where it matters most pre-acquisition and throughout operations and sustainment.
  • Software and Hardware supply chain visibility Software is the highest targeted supply chain vector for critical systems. Fortress’ comprehensive C-SCRM solution goes beyond traditional SCRM into the products that the vendors provide to include the hardware and software where the vulnerabilities are found. (including SBOM-driven approaches where applicable) to help security and acquisition stakeholders understand what’s inside software products and where hidden dependencies create exposure.
  • Operationalized workflows that support faster decisions, so risk information becomes actionable, not a report that arrives after the decision has already been made. We provide a customized dashboard supported by AI enhanced continuous monitoring to provide near real time situational awareness of your cyber and cyber supply chain risk, as well as the recommendations and workflows to maintain cyber resilience and mission readiness throughout the operational life of the system.
  • A solution designed to scale across the enterprise and global supply chains, aligning with the reality that defense supply chains are multi-tiered and continuously changing. Fortress solutions break down the walls of individual siloed C-SCRM solutions and close the gaps between disconnected data sets to support and prioritize cyber readiness across the enterprise, speeding up time to react and increasing cyber resilience of the entire enterprise.

Fortress provides cyber supply chain risk management solutions that move at the speed of the mission.

ADM Caudle’s Fighting Instructions are not just a strategy document; they’re a demand signal. He’s asking the fleet and industry to prepare for a fight defined by speed, disruption, and distributed decision-making.

For those of us who live in the space where acquisition, cyber, and operational readiness intersect, the message is clear:

  • Don’t sell “paper security”; understand and operationalize the constantly evolving risk, and make data driven decisions to draw down risk to fight and win.
  • Don’t slow down the mission in the name of assurance, and do not sacrifice security in the name of speed; balance speed and security at the beginning to maintain the warfighters enduring advantage
  • Do provide real, data driven, prioritized and actionable reporting to Commanders to support their ability to make informed decisions quickly.
  • Do build supply chain security programs that adapt and scale. With the introduction of AI, the rapid rate of advancement in technology and warfighting capabilities assures us that today’s fight will not be tomorrow’s war. The ability to rapidly adapt and support mission readiness and mission execution is paramount to building and maintaining the most advanced war fighting Fleet the world has ever faced.
  • Version 2-1