menu

At day two of the AFCEA STRATCOM Cyber Security Symposium, I was a member of the Industry Panel. I took a breath and issued my challenge. Our moderator had asked each of the four panelists to make brief opening remarks on the state of industry in the cyber security issue space and to end with a “memorable” bumper sticker. It was my turn to make opening remarks.

Well, being a former Army Green Beret in the middle of a sea of engineers, scientists, astronauts and nuclear specialists, I knew I was not going to discuss tech issues. (OK, I have a Ph.D., but it is in International Relations.)

So I went with my strong suit: directness, passion and leadership. I issued a challenge directly to Commanding General of StratCom, who had graciously stayed with us throughout the day and a half conference.

“Give us your Commander’s Intent.” For the military, commander’s intent is everything. It gives subordinate and supporting parties exactly what the commander wants done. It is clear unambiguous direction, and it outlines what success will look like. The situation may change, you may have unforeseen difficulties, but you know that you must continue to fulfill the commanders intent. Your original plan to get there may (and almost always does) change, but the intent does not. It is the most critical part of the military’s operations order, the format that governs pretty much whatever the military does.

We in industry want to help StratCom, and its newest subordinate command, U.S. CyberCom, accomplish their mission. We want to do that, not just because it would be good business, but because we’re citizens too. To maximize our ability to do that, we need to know what the commander wants.

“Then bring us in to help you hash out how we get there.” We can tell you if your intent is achievable today. We can tell you how much we can do tomorrow, and how much in a year, 3 years, or 5 years. To do that, the military needs to invite the individuals and firms that truly want to help, not just seek business. And you must invite little guys too, not just the behemoths. If the military doesn’t invite the small firms to the table (they have some of the most innovative ideas), the big guys will not correct the omission.

“Demand new thinking of Industry.” The military cannot accept the same old ways of doing business, with marginal improvements around the edges. They have to make industry think big and deliver. If a company fails to deliver, they should be punished. I do not mean companies who try to innovate and fail; they should be encouraged. What I refer to are companies that make claims and promises but do not deliver. There should be a “price” for such a breach of trust and confidence.

“Help us force the lawyers and policy makers to find a way to efficiently and seamlessly share information about cyber attacks and probes.” Industry understands that government must protect it’s sources and methods, but government must also understand that industry has analogous information. We have proprietary data, methods and techniques. Firms that do stumble but choose to share the information should be protected from damaging public scrutiny. If you want to shine a light on anyone, do it to the firms who do not share when something happens, not the ones who cooperate.

“Give up the model of a medieval castle for cyber security and adopt one more akin to public health.” We are all info / intel gathers, and we all need to feed into the common pool of data. Only if we change the way we think, to spur real information sharing, will we get ahead of the bad guys in this space.

“The Bumper Sticker: Make the Public-Private Partnership Real.” Make it something that can be operationalized. Everyone says that this is the key, but we leave it limp and symbolic when it needs to deliver added value to all our efforts.

“You need this, we need this, and Lord knows the Nation needs it.”

At the end of the conference, Air Force Gen. Chilton specifically stated that he had accepted my challenge and would indeed be issuing just such an intent statement. Thank you General. We in industry are standing by to work with your team on the next step.

Dr. Steven Bucci is director of the Allison Center for Foreign Policy Studies at The Heritage Foundation. He was previously a lead consultant to IBM on cyber security policy. Bucci’s military and government service make him a recognized expert in the interagency process and defense of U.S. interests, particularly with regard to critical infrastructure and what he calls the productive interplay of government and the private sector. Read More