Pentagon steps up private-sector cyber exchanges
The Defense Department is trying to draw cybersecurity expertise from the private sector while sharing its own lessons learned.
CIO Terry Halvorsen said Pentagon officials plan to embed industry experts in CIO offices across DOD. (Photo: Michael Bonfigli)
The Defense Department is stepping up an exchange program to bring private-sector IT experts into the Pentagon and send military personnel into the corporate world, said Defense Department CIO Terry Halvorsen.
A program that has brought Cisco to the Pentagon to share its expertise on routers will expand to include personnel from about 10 firms, Halvorsen said Oct. 29 at a Christian Science Monitor breakfast in Washington. The private-sector employees will be embedded with Halvorsen's CIO staff or in the military services' CIO offices.
The program is built on the widely held notion in government that federal agencies need to inject private expertise into their daily operations to keep pace with cyberthreats.
Halvorsen said the goals are for DOD officials to gain a better understanding of the economic drivers of cybersecurity and grapple with critical technologies such as software-defined networking. Another tool on his radar is "modular data center technology," in light of the department's push to consolidate its data centers.
Halvorsen has been trying to raise the baseline level of cybersecurity hygiene at the Pentagon to avoid falling victim to unsophisticated hackers using off-the-shelf attacks. A Sept. 30 DOD memo furthers that effort with the DOD Cybersecurity Culture and Compliance Initiative. Halvorsen said achieving the spirit of the initiative will include ensuring that systems administrators are using tokens and putting certain public-facing servers behind firewalls.
Asked if he had seen any shift in the assets hackers are targeting since the massive breach at the Office of Personnel Management, Halvorsen said, "I don't think they've changed. We may see a little more focus on data collection [rather than] data disruption."
He also dismissed the notion of lingering distrust between DOD and industry. The amount of money the Pentagon spends annually on cybersecurity and IT "buys a lot of…trust," he said.
He added that although DOD and the Department of Veterans Affairs are making progress on sharing health records, "I don't think it's good enough." The Pentagon will increasingly look to commercial solutions to health IT challenges because "that is a place where the commercial market…does it better than government."
NEXT STORY: Senate Passes Cyber Bill Despite Privacy Fears