WASHINGTON — Secretary of Defense Ash Carter will unveil the Pentagon's new cyber strategy during a Thursday speech at Silicon Valley, according to DoD officials.
Carter will also use his speech at Stanford University to announce a new program designed to reach out to the commercial sector to drive new technologies, including the creation of a permanent Pentagon presence in the Valley.
The new strategy will lay out the goals and guidelines for how the Pentagon handles cyber issues, an issue which Pentagon leaders have been increasingly vocal about over the last year.
The overall focus of the strategy falls into three categories: defending DoD networks, systems, and information; defending against cyber attacks of what the department calls "significant consequence;" and providing integrated cyber capabilities to military operations.
Carter has personally been working on the development of the new cyber strategy, according to a pair of senior defense officials who previewed the policy for reporters on a conference call Wednesday.
The new guidance updates DoD's last crack at a cyber strategy, which was produced in 2011. And while that policy may have worked then, the first defense official noted, "four years ago, when you think how the Internet progresses, is a very long time."
The new strategy will "guide the development of DoD cyber forces and strengthen our cyber defense," the first official said. Carter "wanted to make it clear we have a well organized plan, we have goals and objectives … we have a roadmap for the next several years."
The last part, the official emphasized, is key. This strategy is not just a general guidance, but comes with specific tasks and deadlines built in.
"The strategy does include goals and specific objectives, and it is drafted and thought through in a way we want to make sure people can meet those goals and objectives," he said. "It really is a strategic plan we will use day in and day out over the next couple of years."
Those specifics will be rolled out when Carter's full cyber strategy is released, but a summary provided by the Pentagon provided five overarching strategic goals.
The first is the development and maintenance of a cyber force, something that began with 2013's investment in the Cyber Mission Force. To accomplish that, the Pentagon will build up an integrated operational platform for cyber operations, accelerate R&D in the cyber world and attempt to asses the Cyber Mission Force's capabilities to handle multiple situations at once.
The second goal is the defense of DoD's network, something that involves building up a single security architecture to move away from developing service-specific systems that each need custom solutions for cybersecurity. It also involves inserting heavier cybersecurity into the defense industrial base to counter the theft of intellectual property.
The third goal is the cyber defense of the homeland, which relies heavily on communication with other partner services — something the second defense official acknowledged hasn't always happened in the past by noting "a little interagency tension" when the Pentagon rolled out its last cyber strategy.
The Department of Homeland Security and the FBI have the lead for all domestic cybersecurity issues, the official said, adding that "far less than 2 percent of overall attacks against the US" would get DoD involved.
The fourth part of the cyber strategy calls for the development of a plan to control escalation during a conflict — or to make sure the US does not fall behind in a virtual arms race. To that end, the DoD will develop "cyber capabilities to achieve key security objectives with precision, and to minimize loss of life and destruction of property," the factsheet reads.
The first official acknowledged deterrence in the cyber realm isn't easy, because the attacks can come in such varied fashion. While you can deter a nuclear attack with threat of nuclear retaliation, cyber can run from small denial of service strikes to IP theft to the manipulation of data.
The final part of the strategy involves closer work with foreign allies in order to build up capacity in the digital realm.
Asked what role the National Security Agency (NSA) would have in the new strategy, the first Pentagon official said the group was "heavily involved in the drafting of the strategy," but quickly noted that "because of issues with NSA in the past, we've thought about how we want to be transparent and open to respect privacy and the constitution."
Outreach to Silicon Valley
Part of the cyber strategy involves the creation of stronger ties to America's research hubs and commercial industry.
To help tap into that, Thursday's speech will announce a series of new initiatives designed to reach out to the Silicon Valley culture that Carter has openly admired.
Citing a "fundamental shift" in how technology is developed, the second senior official said the Pentagon has to be open to ideas coming from non-traditional defense sectors.
More and more of these technologies are developed in start ups," the official said. "DoD must be open."
The first step involves the creation of the Defense Innovation Unit Experimental, a permanent office that will serve as a conduit between the California tech world and the Pentagon.
The details of where that new group will operate are still being worked out, but the likely option is Moffett Federal Airfield, located just six miles from the heart of Silicon Valley. The Pentagon is aiming for a launch date next month on that group, although the second defense official would not commit to that.
At the same time, DoD is standing up a Pentagon-specific branch of the US Digital Service, which grew out of the team that, as the first official put it, "rescued HealthCare.gov" after its messy launch. That group, which will be located in the Pentagon, will first tackle the issue of making sure records from DoD and Veterans Affairs are interoperable.
"I expect very good things will come of this," the second official said.
In addition, the Pentagon will expand the Secretary of Defense Corporate Fellows program. That program sends 15 to 20 officers to sit in with top commercial companies for a year, but the return of information has not materialized in the way Pentagon leadership want to see.
Hence, the program will expand to be a two-year setup. The first will still involve sending officers to work at companies, but the second year will feature specific assignments at DoD to implement specific business practices they picked up outside the building.
After his speech, Carter will travel to meet with Facebook COO Cheryl Sandberg, followed by a visit to Andreessen Horowitz, a major Valley venture capitalist firm.
Those talks are primarily so Carter and his team can "hear about new trends in technology from leading bankers and technologists out there," the second defense official said. "He also wants to hear specifically from senior leaders in the valley on things we can do to facilitate relationships."