I’ve had the good fortune to work with talented folks in my (short) time in Washington, since moving back East in 2002, particularly in the Intelligence Community and Department of Defense. And one such fellow at DoD has been Bob Lentz, the outgoing deputy assistant secretary of Defense for information and identity assurance – the Chief Information Assurance Officer and equivalent to a private-sector CISO.
I gave an interview this afternoon to Federal News Radio (AM 1500 in the DC area, worldwide at www.FederalNewsRadio.com), on Bob’s tenure, and what will come next for DoD in the wake of his departure. You can read the news story about the interview here, or listen to the entire 15-minute interview as an mp3:
Not everything has gone perfectly, or even well, for Pentagon infosec during his tenure; we have been fighting several wars, declared and undeclared, real and cyber, during the past few years. It’s an unbelievably daunting mission, to secure the nation’s ability to defend herself and our most critical systems amid unrelenting attack.
But Bob has worked closely with the private sector on information security technological advances – he and I joined several leading Silicon Valley startup CEOs, leading-firm CISOs, and venture-capital entrepreneurs in the Information Technology Security Entrepreneurs Forum, or ITSEF. He’s worked closely with DHS and NSA, including in the establishment of the Pentagon’s Cyber Command. He has also taken a number of counter-intuitive approaches, ranging from getting involved with Black Hat and DEFCON, to establishing jointly with the IC the Unified Cross Domain Management Office, or UCDMO. If you have the right credentials, visit the UCDMO SharePoint Collaboration Site (requires Intelink-U Access), or see their open web site at http://www.ucdmo.gov/.
This week Bob himself published a great “farewell column” in Government Computer News, “5 Key Challenges to DoD’s Cybersecurity.” The article includes policy advice for his successor and the Defense Department as a whole – but it is thoughtful advice that should be read by any CISO. I’ll include his bullet-point list from the article: he writes, “If I had to list five of the biggest challenges that remain, my list would include”:
- The need to continuously harden the network, in this era of Web 2.0, cloud services, and increased mobile workforce and growing global requirements.
- The whole area of Supply Chain Risk Management. As the threat changes, we need to adjust as well, which includes rolling out technologies that inspect and secure the supply chain.
- Raising awareness across DOD and greater national security community on cyber resilience, so that commanders are prepared to operate in a contested cyber domain when communications are degraded or, worse, untrusted. The increased complexity of our technologies, coupled with our even greater dependence on them for mission success, make this an imperative.
- The necessity of education, training and workforce manning for critical IT/IA skill sets.
- And, again, the need to move to multi-factor and attribute-based identity assurance access for people, devices, data and applications.
That third bullet could be read as a provocative statement (which in Washington terms means admitting the truth): Imperfection, in DoD! Military commanders are going to have to put up with “untrusted” communications systems in “a contested cyber domain.” That’s the harsh reality, and military commanders are on the front lines in facing it. Bob Lentz’s successor will find his boots challenging to fill.