US Defense Secretary Ash Carter's new cyber strategy and push to harness the power of Silicon Valley are key and welcome steps to improving the cyber security of the United States and its allies.
The strategy fleshes out what President Barack Obama hinted at earlier this year: that when threatened, the United States will use all means at its disposal to deter or respond to a cyber attack, including cyber capabilities, kinetic action, law enforcement or financial measures.
The deterrence element is critical in a world that has grown accustomed to pilfering America's military secrets, commercial intellectual property and, in the case of the Sony episode last year, aggressively attacking a business enterprise.
Information has long been a staple of warfare, and cyber a domain of warfare. It is a space where the US and many other nations have demonstrated their prowess, and where those most dependent on the free information flow are the most vulnerable.
In unveiling the strategy in Silicon Valley, Carter became the first defense secretary in two decades to meet with top executives on their turf, driving home the point that the Pentagon was coming to Silicon Valley to help improve the nation's security with top-quality people and technology. And in opening an office there, he hopes to bring what Silicon Valley has to offer back to the Pentagon.
Other arms of the Pentagon have overseas technology offices that act as collaborative conduits for good ideas. To have the same for cyber — in a US domestic context — will pay massive long-term dividends. It's a reform initiative that the Pentagon has been pursuing for nearly 20 years as commercial industry began to outpace DoD as America's high-tech engine: attract the nation's best, brightest and most competitive talent and technology to solve the Pentagon's most difficult problems.
Carter's idea to lure talent into uniform at mid-career is inspired and long overdue to allow the military access to skills and insights it would not otherwise be able to tap. And by planting career personnel in Silicon Valley, they too will learn valuable lessons.
But to best take advantage of the cross-pollination the DoD seeks, culture change is needed on both sides. Silicon Valley's culture is one of rapid experimentation and development of products, while DoD is regarded as ponderous, risk-averse and burdened by overregulation. A good model now for what the future cooperation with Silicon Valley should look like is the evolving relationship between the US Air Force and SpaceX. To its great credit, the Air Force is working with SpaceX to update its certification processes to check the right boxes, and ditch the boxes that may no longer be relevant. Industry must be patient as DoD reforms for this great cause.
Such an evolution is key in cyber, where technology cycles are measured in months not years, and much has changed since DoD's 2011 strategy.
Still, challenges remain to better integrate the nation's cyber warning and response systems.
Unsaid in the new strategy is whether the US Cyber Command should be upgraded from its current status as a supporting organization to a full-fledged combatant command.
The US military depends on its extensive and — for the time being — robust networks as a critical war-fighting edge, but senior leaders have been identifying weaknesses that need to be shored up. At the same time, forces have been exercising how to keep operating should an adversary destroy, degrade or deceive these networks. While each corner of the US military needs to step up its cyber game, it would be wise to designate an organization that can lead in a military crisis.
Ultimately, this is as much about people and culture as technology. The good news is, cyber is a priority for Carter who wants the best of both.