Departure of the Pentagon CISO

I’ve had the good fortune to work with talented folks in my (short) time in Washington, since moving back East in 2002, particularly in the Intelligence Community and Department of Defense.  And one such fellow at DoD has been Bob Lentz, the outgoing deputy assistant secretary of Defense for information and identity assurance – the Chief Information Assurance Officer and equivalent to a private-sector CISO.

I gave an interview this afternoon to Federal News Radio (AM 1500 in the DC area, worldwide at www.FederalNewsRadio.com), on Bob’s tenure, and what will come next for DoD in the wake of his departure. You can read the news story about the interview here, or listen to the entire 15-minute interview as an mp3:

Shepherd interview on Federal News Radio, 10/13/2009

Not everything has gone perfectly, or even well, for Pentagon infosec during his tenure; we have been fighting several wars, declared and undeclared, real and cyber, during the past few years. It’s an unbelievably daunting mission, to secure the nation’s ability to defend herself and our most critical systems amid unrelenting attack.

But Bob has worked closely with the private sector on information security technological advances – he and I joined several leading Silicon Valley startup CEOs, leading-firm CISOs, and venture-capital entrepreneurs in the Information Technology Security Entrepreneurs Forum, or ITSEF.  He’s worked closely with DHS and NSA, including in the establishment of the Pentagon’s Cyber Command. He has also taken a number of counter-intuitive approaches, ranging from getting involved with Black Hat and DEFCON, to establishing jointly with the IC the Unified Cross Domain Management Office, or UCDMO. If you have the right credentials, visit the UCDMO SharePoint Collaboration Site (requires Intelink-U Access), or see their open web site at http://www.ucdmo.gov/.

This week Bob himself published a great “farewell column” in Government Computer News, “5 Key Challenges to DoD’s Cybersecurity.” The article includes policy advice for his successor and the Defense Department as a whole – but it is thoughtful advice that should be read by any CISO.  I’ll include his bullet-point list from the article: he writes, “If I had to list five of the biggest challenges that remain, my list would include”:

  • The need to continuously harden the network, in this era of Web 2.0, cloud services, and increased mobile workforce and growing global requirements.
  • The whole area of Supply Chain Risk Management. As the threat changes, we need to adjust as well, which includes rolling out technologies that inspect and secure the supply chain.
  • Raising awareness across DOD and greater national security community on cyber resilience, so that commanders are prepared to operate in a contested cyber domain when communications are degraded or, worse, untrusted. The increased complexity of our technologies, coupled with our even greater dependence on them for mission success, make this an imperative.
  • The necessity of education, training and workforce manning for critical IT/IA skill sets.
  • And, again, the need to move to multi-factor and attribute-based identity assurance access for people, devices, data and applications.

That third bullet could be read as a provocative statement (which in Washington terms means admitting the truth): Imperfection, in DoD!  Military commanders are going to have to put up with “untrusted” communications systems in “a contested cyber domain.”  That’s the harsh reality, and military commanders are on the front lines in facing it. Bob Lentz’s successor will find his boots challenging to fill.

Share this post on Twitter

Email this post to a friend

AddThis Social Bookmark Button

4 Responses

  1. Excellent overview. Bob Lentz and John Grimes have left an important legacy to this country that few Americans will appreciate. But that legacy may prove to be just as important as the development of the strategic nuclear force in the 1950’s.

  2. […] On Departure of Pentagon CISO Lewis Shepherd notes the departure of Robert Lentz, DoD’s Chief Information Assurance Officer, and broadly praises the work he’s carried out during his tenure, controversial though some […]

  3. Mike – thanks for the comment. I hope you’re right about the historical context, i.e. paralleling the 50’s strategic nuclear force development. I say that I hope you’re right, because imagine the consequences otherwise.

  4. my will and legacy. i leave nothing to nobody burn my money. OR: you have a slightest minute chance to transfer UNCONDITIONALLY USD 144,000,000.00 to my account otherwise I pull the pentagon budplug even at stake of my living: Sberbank Branch Lenina 37 Murmansk NWRussia konto #42306 810 7 4102 0022190 34 il you are intending to kill me the budplug pulls off immediately after my death unconditional and without investigation onto whether it were you or chance. any other violation of my liberties and the budplug pulls off see conditions above.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: