As the Department of Defense and U.S. military branches forge ahead with their adoption of advanced technology like artificial intelligence and machine learning, cybersecurity must be the foundation for these efforts, not just an afterthought, according to chief intelligence officers from government and industry.
During a panel discussion at the Potomac Officers Club’s 3rd Annual CIO Summit, Brig. Gen. John Olson, chief data and AI officer for the Department of the Air Force, expanded upon an earlier analogy from NGA’s Mark Andress, which likened U.S. defense and intelligence capabilities to an F1 race car.
“If we hearken back to the F1 pit stop, I would say cybersecurity is actually the entire surface of the asphalt that that vehicle is riding on,” Olson said. “Because it must fundamentally underpin everything that we do. It needs to be an immutable part of everything.”
As an umbrella term, cybersecurity encompasses everything from zero trust to DevSecOps to Identity, Credential and Access Management, or ICAM, Olson explained. These elements are at the core of initiatives like JADC2 and the Air Force’s Advanced Battle Management System, and they should remain at the forefront of the DOD’s priorities in the infancy of JADC2’s implementation.
However, as cybersecurity continues to be in the spotlight across public and private sectors, officials fear that its importance is being shrouded, in some ways, behind compliance-based motivations and marketing jargon.
“My concern is that the manner in which we drive organizational change is so compliance-driven, and so bureaucratic that we’re going to pencil in zero trust through a series of checklists instead of actually empowering people to make leadership decisions about risk,” said Josh Marcuse, head of federal strategy for Google.
Instead of thinking about the cloud and the commercial cloud as a risk to be managed, Marcuse encourages organizations to see cloud as a tool that can be used to actually reduce risk.
“If I can do anything to galvanize this conversation, it would be moving beyond the marketing lingo of zero trust to actually getting into system-by-system, what does it mean to actually have all the nodes in the network, to be untrusted and to use the network as a sensor rather than as a security perimeter?” Marcuse posed to the audience.
On par with cybersecurity and zero trust in terms of importance is data, said Jamie Holcombe, CIO for the U.S. Patent and Trademark Office. Data is actually a key part of the reason that the need for cybersecurity exists, he posited.
“The fact of the matter is whatever you’re using to secure the data, that’s what needs to be talked about,” Holcombe explained. “The conversation has always been about, ‘Where do you secure it? At the edge? In the middle? At the source?’”
The solution, he shared, is not a singular one, despite the recent trend within the federal landscape to centralize.
“You have to realize there’s a federated solution for almost everything,” Holcombe elaborated. “Realize we do operate in a federated nation. We will never centralize everything. The problem that I see with every data effort is always, ‘Let’s consolidate, let’s make this one big centralized scheme where everybody knows everything.’ Well, that’s a strength and a weakness at the same time.”
This effort to avoid consolidation should also be reflected in the acquisition and procurement processes; Holcombe asserted that organizations should not get locked into a single vendor for cloud services and instead follow a hybrid multi-cloud approach.
To Michael Galbraith, chief digital innovation officer for the Department of the Navy, the hybrid cloud environment should ultimately help warfighters in “disconnected, denied, latent environments.”
The U.S. Navy is working now “to move trained algorithms, to move data to the warfighter where sensors are collecting that data.” He added that “getting high compute capabilities out at the edge is what that hybrid environment needs.”
This effort marks a turning point for the Navy, Galbraith explained. “IT long ago was a cost to be managed,” he shared. “It was not an asset to be leveraged. And what I’m watching in the Department of the Navy is that transformation today.”
Join the Potomac Officers Club for its next event, the 2nd Annual Industrial Space Defense Summit, on May 17 to hear from leading voices across government and industry as they illustrate the threat environment in today’s highly-contested space domain and share what the U.S. is doing to retain its technical and tactical advantage.
Click here to register.