Wanted: Top Technology, Talent for Federal Cyber
Filling gaps in capabilities and the work force will help the Defense Department better manage a deluge of threats.
Conquering cyberthreats that pose a national security risk means acquiring cutting-edge technology and leading-edge talent and pairing them, according to U.S. Defense Department experts.
The department’s technology wish list, discussed during the annual Defensive Cyber Operations Symposium (DCOS), touches on a number of disruptive areas, including machine learning, biometrics, the cloud, what officials are dubbing “software-defined everything,” and solutions to improve mobility and identity protections. Experts shared the challenges and solutions of leveraging technology and talent at the AFCEA International event June 13-15 in Baltimore.
Presently, the Defense Information Systems Agency (DISA) manages much of the Defense Department’s information technology efforts, while the Joint Force Headquarters-Department of Defense Information Networks (JFHQ-DODIN) operationalizes them. Through this joint venture is how the department will reimagine the defense workplace, said Lt. Gen. Alan Lynn, USA, director of DISA and commander of the JFHQ-DODIN.
“In the future, we see the systems you carry on you carrying information for you,” he said during his keynote address that kicked off the three-day event. “Together, these will create an ‘identity score.’ Your identity score will determine how much access you have to the network.”
DISA’s focus is “really hitting hard on mobility,” said Tony Montemarano, DISA’s executive deputy director. Leaders recognize how far behind industry the Defense Department is in this area and how much the lag hinders the work force, from productivity to recruitment and retention. DISA is on the hunt for much-needed capabilities that would allow employees to work on any device, regardless of their location. Getting to that desired endpoint means investing in proven identity assurance technologies, offerings that include a combination of biometrics, behavioral analytics and patterns-of-life capabilities, Gen. Lynn said. And the solutions must address two equally essential needs: security and speed.
Securing networks, data and, more broadly, any public or private system that runs code remains a truly difficult national security challenge, said Steven Walker, acting director of the Defense Advanced Research Projects Agency (DARPA). “One way to avoid technological surprises is to create technological surprises of our own,” Walker said, echoing the agency’s mantra.
Hackers no longer are just bored high school kids, he said. Breaches come via sophisticated criminals and terrorists, some backed by the deep pockets of adversarial nation-states. No silver bullet exists that will solve the nation’s cyber problem, Walker said, which makes interagency partnerships such as the one between DARPA and DISA so imperative.
Swift changes in the cyber domain also demand a dynamic and dedicated partnership between the Defense Department and industry, perhaps more so today than ever before, shared John Zangardi, the department’s acting chief information officer (CIO).
The private sector, not government, leads information technology innovation, he said. “A common thread through everything we do in defense, and more so in cybersecurity, is industry partnership,” Zangardi said. “We can’t solve today’s complicated problems with yesterday’s thinking or technologies.”
The symbiotic partnership, however, needs strengthening, many experts said. As it stands, companies hesitate to share cyberthreat intelligence with each other, but even more so with the government, said Kevin Walker, security chief technology and strategy officer for Juniper Networks. “We don’t do a good job collectively of sharing—we just don’t,” Walker said.
Although in 2015 Congress passed the Cybersecurity Information Sharing Act, designed to improve cyberthreat information sharing between government and industry and to protect privacy and proprietary details, the law does not go quite far enough to promote dialogue, said Gus Hunt, managing director and cyber lead for Accenture Federal Services.
Internal department barriers also can impede communication. Vital to securing the cyber domain is the dire need for collaboration, information sharing, situational awareness, innovation and teamwork within the Defense Department, according to a panel of military experts. Department stovepipes and cultural resistance to change stymies some efforts to break down sharing barriers, said Brig Gen. Mark Weatherington, USAF, director of cyberspace operations at North American Aerospace Defense Command and U.S. Northern Command.
Several speakers echoed this theme. Cybersecurity must embrace partnerships and improved communications as well as standardization, a well-trained work force, optimized contractual clauses, a willingness to accept a certain amount of risk and dedicated funding streams to pay for efforts such as network modernization, offered acting federal CIO Margie Graves. “Really, the end game is the effective delivery of mission in a secure manner,” Graves said. “Modernization is simply a tool that you use to get there—hopefully get there faster and more effectively.”
A good beginning is the Modernizing Government Technology Act, which the House of Representatives passed in May and is on its way to the Senate. The bill would create a $500 million fund to support rapid federal information technology modernization.
Several presentations touched on the need for improved work force development, especially now that the federal government has a new competitor vying for talent already in short supply: the critical infrastructure sector, which is woefully behind in shoring up its defenses. The government’s primary competition for cyber talent no longer is Silicon Valley, said Karen Evans, national director for the U.S. Cyber Challenge.
The government must reconsider its labor pool and how it trains and retains its work force to respond to new and rapidly changing threats. One panel assembled to address this issue acknowledged the mounting challenges of building a cadre of employees that is as talented as it is dedicated.
Federal hiring criteria, particularly within the Defense Department, might be too rigid to attract the type of people needed to build the force, said Maj. Gen. Sarah Zabel, USAF, DISA’s vice director. If cyber warriors tend to be nonconformists, then it might be time for the Defense Department to ease hiring restrictions that keep some from applying for jobs, the general stated. Sometimes, those noncomforists might have histories they are reluctant to disclose on job applications—incidents such as hacking a school library system to avoid paying for textbooks, an example panelists discussed. Gen. Zabel asked whether the government should implement a “don’t ask, don’t tell” policy for hacking.
Regardless of the answer, the government must focus now on finding employees with a strong work ethic. Teachers also must nurture the next generation of cyber talent. Children need to learn the importance of perseverance—that it is OK not to get it right the first time and that failure is a part of learning, Zangardi said.
“The future will require the development of a well-rounded work force that is proficient in the basics, and the basics to me are reading and writing and math—literacy and mathematics,” he said. “These are enablers for the next generation of cyber talent.”
Get full editorial coverage, videos, photos and presentations on the DCOS event archive page.