DOD looks to Silicon Valley to automate cyber response
Boosting automated capabilities would make more IT personnel available for other critical jobs, says CIO Terry Halvorsen.
DOD CIO Terry Halvorsen says more automation could also make attacking DoD targets less attractive for hackers.
Pentagon CIO Terry Halvorsen says Defense Department efforts to tap Silicon Valley entrepreneurial and tech development expertise could help take care of some repetitive cybersecurity maintenance drudgery, freeing up cyber defenders for more important tasks.
In a media conference call on Sept. 15, Halvorsen said he hopes DoD’s six-month-old effort to develop cyber defense technologies with Silicon Valley companies will produce tools that automatically take care of everyday cybersecurity chores such as software patching, system diagnostics and data logging. He’s also looking to Silicon Valley to help develop better defenses against first-time “Zero-Day” attacks.
Those automated capabilities, he said, will not only allow the agency to move IT personnel to more critical work, but could also make attacking DoD IT less attractive to less sophisticated cyber marauders.
Smaller scale attacks based on commonly available exploits may cost attackers only a few dollars to launch, but can cost the DoD huge sums to defend against, he said. Automating the responses to such simple attacks can raise the costs of making the attack in the first place, he said. “If the response is fast enough, it can make it too expensive to play” for some smaller attackers, he said.
Earlier in September, Halvorsen called for industry help in changing the economics of cyberspace so that it is more costly for hackers to inflict damage and cheaper for the Pentagon to defend itself.
Halvorsen is also looking to California for scarce cyber personnel, hoping the lure of working on huge, meaningful national defense projects can outweigh the Valley’s advantages.
The Pentagon’s IT offices don’t have the in-house cafes and other amenities that some high-tech company offices have, but it offers a greater purpose, according to Halvorsen. “That Valley atmosphere encourages people to stay at work,” he said. “We suffer. We can’t pay like the [private] cybersecurity sector. However, we do offer the chance to work on projects with huge scale and importance.”