Code 5544 is the Network Security Section in the Center for High Assurance Computer Systems Branch of the Information Technology Division.

Code 5544 provides the Navy's core in-house expertise in the research and development of Network Security solutions. Engineers work closely with the warfighter, Navy policy managers and other government agencies to develop network security architectures and solutions (e.g., components, toolkits, equipment, and systems) to meet Navy and joint service requirements. Code 5544 also performs in-house analyses and testing to evaluate current and emerging network security solutions and determine their applicability to Navy and DoD network security architectures. The major areas of work are listed as follows:

Computer Network Defense
  • Security Information and Event Management
    • Development and implementation of high assurance systems to aggregate security data feeds from diverse sources across networks.
    • Development of high assurance systems that normalize network-wide security data to provide a single, holistic view of network health and status.
    • Optimization of existing network monitoring processes utilizing developed systems to increase the efficiency and area of coverage for the network security operator.
  • Business Intelligence
    • Utilization of Business Intelligence framework to maximize the usefulness of historical and near real-time computer network defense data.
    • Developed and implemented the first system of its kind to allow an enterprise to track threats/warnings over time to understand historical trends and their relation to current network state.
    • Implementation of I/O separation of read-centric operations from write-centric optimized relational databases.
  • Slow and Low Intrusion Detection
    • Development of capabilities utilizing existing security architecture platform to detect network misuse/compromises potentially indicative of an intrusion not visible to traditional network security appliances.
  • Visualization
    • Implementation of systems to dynamically and visually display the network topological/geographical location of actors, targets, and hops of a detected intrusion.