DoD Needs to Improve Cyber Culture
DoD Needs to Improve Cyber
Culture, CIO Says
By Lisa Ferdinando. DoD News,
Defense Media Activity.
Washington D.C. — (DoD
News) — October 29, 2015 — The Defense
Department needs to change its cyber culture to protect its networks from the
relentless threat from hackers, the department's chief information officer said
today. "I get a question all the time: 'What keeps me awake?' I think most
people expect me to answer it's security or it's dollars. It's neither of those
things. It's culture," Terry Halvorsen told a reporters breakfast here hosted by
The Christian Science Monitor.
Terry Halvorsen speaking at a reporters breakfast in Washington D.C.
The Internet is an "important part of our business, an
important part of our culture, but you have to go there with the right rules and
right understandings," he said. DoD has to establish a "culture of cyber
discipline," he said, because the attacks against the agency networks are
constant. "There’s not a time when I’m not being attacked somewhere in the
world," he said. With hackers generally out of the public's view, he explained,
"I think it's easy for people to forget that there are bad actors out there."
Understanding Cyber Economics
Good cyber defenses include a combination of tools, culture,
and training and education, Halvorsen said. "It's really also educating leaders
at every level what their responsibilities are and what they need to know," he
added. The Defense Department needs to change its cyber economics as well,
"It is much less expensive for someone to attack us than it
is for us to defend, and we got to turn that around,” he explained. “Today, we
are really on the wrong side of that piece."
Cyber is a relatively new warfare, he noted. As with any
domain, such as aviation or nuclear, it takes time to build and secure, he said.
A big difference in cyber, he told the reporters, is that it moves faster than
any other warfare area. "That's a challenge," he said. "We're in the midst of
having to make some major culture changes."
DoD is working to automate as much of its cyber security as
it can, to get to where the defenses “self-learn” and take actions to stop or
quarantine an attack, he said.
An enterprise culture is also needed, the Pentagon’s CIO said.
"Cyber is forcing us to think different about that," he added. "Unlike other
areas, cyber truly is enterprise, because it's connected."
For the first time, the Defense Department is putting
civilians in private information technology companies for six months, and
private IT company personnel are doing tours at DoD, Halvorsen said. During
World War II it was not uncommon, he said, for people to move back and forth
between private and government jobs, and to have industry partners working on
The government could benefit greatly from a partnership with
private IT firms, he said. Smaller companies could partner up with larger firms
to help with scalability for government projects, the CIO noted.
A constant issue Halvorsen said he faces is that people will
present him with a computer technology that has been tested for 25,000 people. "They
get mad when I say, 'Well that's good. Now you have to test it for about a
million, so I can know that it will scale.'"
(Follow Lisa Ferdinando on Twitter: @FerdinandoDoD)
Related Biographies :
Related Links :
DoD Cyber Strategy