In all my years in the military (28 years in uniform and a total 35 years in the Department of Defense), I always held a certain mind set. It goes something like this:
“In the private sector, if they do poorly, they lose money; in the military, if we do poorly, we lose lives.”
I still think this is true, but now, when I look at the military’s efforts in the cyber security realm, I am concerned. The military still has the highest motivation, but in the cyber security realm it is not doing as well as some entities in the private sector.
Please do not misunderstand me. The military and other U.S. defense agencies are doing well in many areas. For instance, the National Security Agency is unparalleled in its capabilities, many of which are highly classified. If we have to unleash cyber war, I feel fairly confident we will defeat our enemies. But on the defensive side, I have much less confidence.
The Military Services are all calling for help. There have been several recent contract actions started to provide the services with help for everything from the initial strategic planning for cyber efforts to specific capabilities in defending networks. This challenge reaches across the strategic – operational – tactical divide that governs how the military views conflict. It also crosses the barriers of geography, domains and nations. Lastly, it spills pretty regularly into commercial spaces where the military has no expertise or legal authorities.
To address this quandary, the services are looking to defense contractors to help them evaluate their needs and their present capabilities. This defines the delta of what they must do to fix the problem. The next step is to design a force structure, doctrine, methodology, and personnel system that can address this problem now and in the future.
A big issue is that in cyber security most of the big private sector federal integrators, staffed largely by former government employees, continue to think like the government agencies they served for so long. The solutions that many have developed are not greatly different than what the military is coming up with on their own. This is not to denigrate these firms. Despite the bad press they sometimes get, our Federal agencies could not function without them. In this case, however, I am afraid the closeness in their thought process to their clients’ will end up working against the Nation by limiting the types of solutions considered. We need some new thinking.
It will take ideas and thoughts from the “real” private sector to adequately address the challenges in cyber security. Of course, the government in general, and the military in particular, have unique requirements and challenges. That said, we still need to look to the private sector for successful cyber security applications and other ideas that will help the military build a system through which we can defend the networks critical to our military’s performance.
Let’s look outside the Beltway “box” and find some really creative solutions. Our military advantage depends on it.