Wanted: Top Technology, Talent for Federal Cyber
Filling gaps in capabilities and the work force will help the Defense Department better manage a deluge of threats.
Conquering cyberthreats that pose a national security risk means pairing cutting-edge technology and leading-edge talent, according to U.S. Defense Department experts.
The department’s technology wish list, discussed during the Defensive Cyber Operations Symposium (DCOS), touches on a number of disruptive areas, including machine learning, biometrics, the cloud, what officials are dubbing “software-defined everything,” and solutions to improve mobility and identity protections. Experts shared the challenges and solutions of leveraging technology and talent at the AFCEA International event June 13-15 in Baltimore.
Presently, the Defense Information Systems Agency (DISA) manages much of the Defense Department’s information technology efforts, while the Joint Force Headquarters-Department of Defense Information Networks (JFHQ-DODIN) operationalizes them. Through this joint venture is how the department will reimagine the defense workplace, said Lt. Gen. Alan Lynn, USA, director of DISA and commander of the JFHQ-DODIN.
“In the future, we see the systems you carry on you carrying information for you,” he said. “Together, these will create an ‘identity score.’ Your identity score will determine how much access you have to the network.”
DISA’s focus is “really hitting hard on mobility,” said Tony Montemarano, DISA’s executive deputy director. Leaders recognize how far behind industry the Defense Department is and how much the lag hinders the work force, from productivity to recruitment and retention. DISA is on the hunt for much-needed capabilities that would allow employees to work on any device, regardless of their location. Getting to that desired endpoint means investing in proven identity assurance technologies, Gen. Lynn said. The solutions must address two equally essential needs: security and speed.
Securing networks, data and, more broadly, any public or private system that runs code remains a truly difficult national security challenge, said Steven Walker, acting director of the Defense Advanced Research Projects Agency (DARPA). “One way to avoid technological surprises is to create technological surprises of our own,” Walker said, echoing the agency’s mantra.
Hackers no longer are just bored high school kids, he said. Breaches come via sophisticated criminals and terrorists, some backed by the deep pockets of adversarial nation-states. No silver bullet exists that will solve the nation’s cyber problem, Walker said, which makes interagency partnerships such as the one between DARPA and DISA so imperative.
The private sector, not government, leads information technology innovation, said John Zangardi, the Defense Department’s acting chief information officer (CIO). “A common thread through everything we do in defense, and more so in cybersecurity, is industry partnership. We can’t solve today’s complicated problems with yesterday’s thinking or technologies.”
Internal department barriers also impede communication. Department stovepipes and cultural resistance to change stymies efforts to break down barriers, said Brig. Gen. Mark Weatherington, USAF, director of cyberspace operations at North American Aerospace Defense Command and U.S. Northern Command.
Several presentations touched on the need for improved work force development, especially now that the federal government has a new competitor vying for talent already in short supply: the critical infrastructure sector, which is woefully behind in shoring up its defenses. The government’s primary competition for cyber talent no longer is Silicon Valley, said Karen Evans, national director for the U.S. Cyber Challenge.
Federal hiring criteria, particularly within the Defense Department, might be too rigid to attract the type of people needed to build the force, said Maj. Gen. Sarah Zabel, USAF, DISA’s vice director. If cyber warriors tend to be nonconformists, then it might be time for the Defense Department to ease hiring restrictions that keep some from applying for jobs, the general stated. Sometimes, those noncomforists might have histories they are reluctant to disclose on job applications—incidents such as hacking a school library system to avoid paying for textbooks, an example panelists discussed. Gen. Zabel asked whether the government should implement a “don’t ask, don’t tell” policy for hacking.
Regardless of the answer, the government must focus on finding employees with a strong work ethic.
For full coverage of DCOS, along with photos, videos and presentations, visit url.afcea.org/DCOS17archive.