Halvorsen: Cyber war is a culture war
- By Kevin McCaney
- Apr 22, 2016
Security experts have often said that the key to cybersecurity is a matter of approach and attitude, an idea Defense Department CIO Terry Halvorsen reiterated this week.
“Technology is really the easy part,” he said at the AFCEA Defensive Cyber Operations Symposium in Washington, D.C. “I am convinced you will get the technology piece right, but what concerns me is, can we get to the culture change needed?”
Part of that culture change just has to do with diligence and educating users (many of the highest-profile hacks in recent years started with an employee clicking on a malicious link in a phishing email), but Halvorsen specifically promoted the idea of collaboration between DOD and industry—and the trust that needs to be built between the two in order to make that collaboration work.
DOD has sought to partner Silicon Valley-based and other tech companies through its Information Technology Exchange Program, which has to date has launched efforts such as development of new flexible electronics and the Hacking 4 Defense program. Halvorsen noted that such initiatives harken back to the days when the United States was involved in international conflicts such as World War II.
“It was not uncommon for people that had been in industry one day to be in DOD the very next day,” he said. “That partnership, where we understand what industry is doing, and industry understands better DOD and other parts of the government, is a win for all of us.”
The difference today is how fast things change in a world of asymmetrical threats and cyber operations. “The pace of change in cyber is what makes it different than any other warfare we’ve had in the past,” Halvorsen said. “Whatever we put out today is not what we’re going to use tomorrow.”
And DOD is seeking industry input because of that rate of change. “There is not one company out there in any business area that has to do with DOD that has all of the answers,” he said. “That is particularly true in cyber and double particularly true, if there is such a thing, in terms of cyber security.”
One way to speed up that collaboration, he said, is to streamline the certification and accreditation processes that DOD has always relied on. “Today we try to certify and accredit individual products, individual software, individual everything,” he said. “That can’t sustain.”
Another part of the process would be industry letting DOD get a peek at its most innovative technologies, which Halvorsen promised DOD would keep under wraps. “In fact, if I was going to have a watch word for today, it would be trust,” he said.
Kevin McCaney is a former editor of Defense Systems and GCN.