Halvorsen wants to change economics of cyberspace

Defense Department CIO Terry Halvorsen on Sept. 2 called for industry help in changing the economics of cyberspace so that is more costly for hackers to inflict damage and cheaper for the Pentagon to defend itself.

“From a standpoint of cybersecurity, right now we’re on the wrong side of the financial spectrum here. We’re losing,” the Pentagon’s top IT official said at an AFCEA Nova conference in Vienna, Va. “The truth is, you can spend a little bit of money and a little bit of time and exploit some our weaknesses, and cause us to have to spend a lot of money, a lot of time” responding to the threat, Halvorsen added.

“If you have an impending need to survive, you will innovate,” he said, adding that DOD networks are “getting shot at” -- virtually -- every day.

DOD spends about $44 billion annually on cybersecurity and IT, Halvorsen reckoned. Moreover, the cost of cleaning up a mess like the Office of Personnel Management hack is hefty. Just yesterday, DOD and OPM announced a $133 million contract for identity and credit monitoring for some of the breach victims. (That contract covers services for contractors, current and former personnel across government, not just DOD employees.)

Halvorsen told the numerous defense contractors in the room that the Pentagon needed more tools for automated cyber defense, because throwing more bodies at the problem won’t solve it. Focusing on end point protection alone won’t get the job done, he added, echoing a mantra pushed by security experts who encourage their clients to assume hackers will penetrate network perimeters.

The DOD CIO also singled out software integration as a challenge to his mission, a theme that has animated his approach to the Joint Regional Security Stacks.

Halvorsen spoke with urgency, and the contractors were left wondering whether that vim arose from a two-hour meeting on cybersecurity he said he had this morning with Defense Secretary Ash Carter. Halvorsen briefly described the meeting as a “special cyber session,” in which participants agreed that the department needed to adapt to an evolving threat landscape, to “accept that in this business…the rate of change is going to happen much quicker.”

The former Navy CIO also went over several ongoing IT initiatives at the Pentagon. The fiscal year that begins next month will see DOD civilians do six-month rotations with private firms to learn tricks of the trade, he said. (The program had previously only covered uniformed personnel.)

The Pentagon is also increasingly leveraging mobile devices, Halvorsen said, adding that in the fall, the department will field smart phones capable of accessing top-secret information.