Video of DoD Innovation Discussion at Cybersecurity Summit

Earlier this week I wrote (“Beware the Double Cyber Gap“) about an upcoming Cybersecurity Summit, arranged by AFCEA-DC, for which I would be a panelist on innovation and emerging technologies for defense.

The Summit was a big success, and in particular I was impressed with the level and quality of interaction between the government participants and their private-sector counterparts, both on stage and off. Most of the sessions were filmed, and are now available at http://www.cybersecuritytv.net.

You can watch our panel’s video, “Partnering with Industry for Innovation,” and it will provide an up-to-the-moment view of how US Cyber Command and the Department of Defense as a whole are attacking the innovation challenge, featuring leadership from the USCYBERCOM Capabilities Development Group, and the Defense Innovation Unit-Experimental. Solarflare CEO Russ Stern (a serial entrepreneur from California) and I offered some historical, technical, market, and regulatory context for the challenge those two groups face in finding the best technologies for national security. Most of my remarks are after the 16:00 minute mark; click the photo below to view the video:

From my remarks:

“I’m here to provide context. I’ve been in both these worlds – I came from Silicon Valley; I came to the Defense Intelligence Agency after 9/11, and found all of these broken processes, all of these discontinuities between American innovation & ingenuity on one hand, and the Defense Department & the IC & government at large…

Silicon was a development of government R&D money through Bell Labs, the original semiconductor; so we have to realize the context that there’s been a massive disruption in the divorcing of American industry and the technology industry, from the government and the pull of defense and defense needs. That divorcing has been extremely dramatic just in the past couple of years post-Snowden, emblematically exemplified with Apple telling the FBI, “No thanks, we don’t think we’ll help you on that national security case.”

So these kinds of efforts like DIUx are absolutely essential, but you see the dynamic here, the dynamic now is the dog chasing the tail – the Defense Department chasing what has become a massive globally disruptive and globally responsive technology industry…  This morning we had the keynote from Gen. Touhill, the new federal Chief Information Security Officer, and Greg told us that what’s driving information security, the entire industry and the government’s response to it is the Internet – through all its expressions, now Internet of Things and everything else – so let’s think about the massive disruption in the Internet just over the last five years.

Five years ago, the top ten Internet companies measured by eyeballs, by numbers of users, the Top 10 were all American companies, and it’s all the ones you can name: Amazon, Google, Microsoft, Facebook, Wikipedia, Yahoo… Guess what, three years ago the first crack into that Top 10, only six of those companies were American companies, and four – Alibaba, Baidu, Tencent, and Sohu – were Chinese companies. And guess what, today only five are American companies, and those five – Google, Amazon, Microsoft, Facebook, Yahoo – eighty percent or more of their users are non-U.S. Not one of those American internet companies has even twenty percent of their user-base being U.S. persons, U.S. citizens. Their market, four out of five of their users are global.

So when [DoD] goes to one of these CEOs and says, “Hey c’mon, you’re an American” – well, maybe, maybe not. That’s a tough case to sell. Thank God we have these people, with the guts and drive and the intellect to be able to try and make this case, that technological innovation can and must serve our national interest, but that’s an increasingly difficult case to make when [internet] companies are now globally mindsetted, globally incentivized, globally prioritizing constantly…”

Kudos to my fellow panelists for their insights, and their ongoing efforts, and to AFCEA for continuing its role in facilitating important government/industry partnerships.

Young Americans and the Intelligence Community

A few days ago I travelled down to Orlando – just escaping the last days of the DC winter. I was invited to participate in a conference hosted by the Intelligence Community’s Center of Academic Excellence (IC CAE) at the University of Central Florida.  The title of my speech was “The Internet, 2015-2025: Business and Policy Challenges for the Private Sector.” But I actually learned as much as I taught, maybe more. Continue reading →

Peering into North Korea’s Future: the Cyber Angle

Looking out over the DMZ into the drab proto-industrial North Korean villages along the border.

With the death of North Korean dictator and “Dear Leader” Kim Jong Il, I join the rest of the world in welcoming this early Christmas gift… at least I hope that it proves to be so.

Egypt’s Mubarak is gone but the country is less stable; post-Qadhafi Libya’s political course is still an open question. So uncertainty is the only safe prediction about North Korea’s near-term political environment. But no nation’s people have endured such unrelenting deprivations (mass starvation, no fuel) for so long in the post-World War II era.

I have no special insight into North Korea’s future. My only DMZ visit on the Peninsula, with a close-up look at Panmunjeom and beyond it “the last Stalinist state on earth,” was in 2006 (see my photos and observations here).

But I have noted the Western-education background (and apparently technologically-intensive current activities) of “The Great Successor,” Kim’s son Kim Jong-Un. One can understand the intense focus which Western governments have trained on the younger Kim’s background and activities, for any clues into his plans – and the plans of those who surround him, or potentially could rival him.

Only a year ago, in October 2010 SCIENCE Magazine published a short but interesting story on Kim Jong-Un, asking “Will Korea’s Computer-Savvy Crown Prince Embrace Reform?”

According to internal North Korean propaganda, informants claim, Kim oversees a cyberwarfare unit that launched a sophisticated denial-of-service attack on South Korean and U.S. government Web sites in July 2009. South Korea’s National Intelligence Service blamed the North, which has not commented publicly on the attack. Kim Jong Un’s involvement cannot be confirmed, says computer scientist Kim Heung-Kwang, founder of North Korea Intellectuals Solidarity, a group of university-educated defectors that raises awareness of conditions in the North… But it’s plausible: Kim claims that Kim Jong Un was tutored privately by a ‘brilliant’ graduate of Universite Paris X who chaired the computer science department at Kim Chaek University of Technology in Pyongyang before disappearing from public view in the early 1980s.” [emphasis added]

To get a feel for how the North’s military has gone about organizing for cyber activities, the best unclassified source I know of remains Christopher Brown’s 2004 Naval Postgraduate School thesis “Developing a Reliable Methodology for Assessing the Computer Network Operations Threat of North Korea.” Brown wrote, by the way, that his thesis was an attempt “to prove that a useful methodology for assessing the CNO capabilities and limitations of North Korea can be developed using only open source information” (emphasis added). Brown also wrote about the early personal role of Kim Jong Il’s eldest son Kim Jong Nam in establishing the priority of computer network operations among military activities (Nam once headed a North Korean intelligence agency, though in recent years he dissipated into a South-Park-like role as a casino-loving playboy).

More recently, there’s information on North Korea’s cyber hacking military units here, where StrategyPage.com concluded (in 2009) that “North Korea is something of a museum of Stalinist techniques. But it’s doubtful that their Internet experts are flexible and innovative enough to be a real threat.”

The contrary view, with a heightened state of alarm about North Korea’s capabilities and intentions, runs through Richard Clarke’s 2010 book Cyber War, where he recounts breathlessly the Soviet-Olympic-style recruitment of “elite students at the elementary-school level to be groomed as future hackers.” In a publicity interview for the book, Clarke told Forbes magazine: “if you ask who’s the biggest threat in the sense that they might use their abilities, it might be North Korea. First, they’re crazy, and second, they have nothing to lose.”  Even China’s People’s Daily English-language version carried a dire summary in December 2010 of North Korea’s aggressive cyber intentions, “Cyber Attack from Pyongyang: South Korea’s Nightmare?”

I hope and expect that cyber activities will not be the immediate focus of the new post-Kim Jong Il leader. Certainly regime transition and  consolidation of authority is the first priority. So far, two days after the actual death, we’re seeing a mannered roll-out of news and propaganda consistent with the clockwork transition from “Great Leader” Kim Il-Sung to his own son in 1994.

Everyone’s watching….

My stroll over to the far side of the famous Demilitarized Zone (DMZ) table, where I was testing the patience of the MP breathing down my neck.

DARPA crowd guru gets a new lab

It’s been a little over two years since I came back to the tech private sector from my government service, and it’s great when we have other folks take the same path, for it improves the knowledge of each side about the other. Today we’re announcing that Peter Lee, currently the leader of the Defense Advanced Research Projects Activity’s innovative Transformational Convergence Technology Office (TCTO), is joining Microsoft to run the mighty flagship Redmond labs of Microsoft Research.

Continue reading →

Inside Cyber Warfare

One year ago, the buzz across the government/technology nexus was focused on a pair of political guessing games. Neophytes mostly engaged in debating over whom the newly-elected President would name to be the nation’s first Chief Technology Officer. Grizzled Pentagon veterans and the more sober Silicon Valley types wondered instead who would get the nod as President Obama’s “Cyber Czar.”

Continue reading →

Cyber Deterrence Symposium webcast

As I type this, I’m sitting in a seventh-floor conference area at George Washington University’s Elliott School of International Affairs, listening to the keynote speaker for the second of five panels today in the “Cyber Deterrence Symposium,” a joint production of INSA (the Intelligence and National Security Alliance), and the Homeland Security Policy Institute.

If you’re reading this on the day of the symposium (Monday November 2, 2009), you can tune in to the live webcast of the speakers and panels. It is a stellar line-up, see the roster below.

Continue reading →

Departure of the Pentagon CISO

I’ve had the good fortune to work with talented folks in my (short) time in Washington, since moving back East in 2002, particularly in the Intelligence Community and Department of Defense.  And one such fellow at DoD has been Bob Lentz, the outgoing deputy assistant secretary of Defense for information and identity assurance – the Chief Information Assurance Officer and equivalent to a private-sector CISO.

I gave an interview this afternoon to Federal News Radio (AM 1500 in the DC area, worldwide at www.FederalNewsRadio.com), on Bob’s tenure, and what will come next for DoD in the wake of his departure. You can read the news story about the interview here, or listen to the entire 15-minute interview as an mp3:

Shepherd interview on Federal News Radio, 10/13/2009

Continue reading →

The Cyber Trough of Disillusionment

I’ll call the moment: the cyber security field is now past its giddy buzzword peak.

Gartner is well known for preparing “hype cycle” analysis of technology sectors, as in their recent publication of the 2009 “Hype Cycle for Social Software.” That report got a lot of attention on Twitter and in blogs, naturally; social medians are nothing if not self-reflective regarding their community. I thought an interesting take was by an IBM developer, who compared the 2008 version against the new one, measuring the changes in predicted “time to maturity” for individual technologies, and thereby coming up with something like a measure of acceleration. By that measure, individual blogging and social search made the most rapid gains.

But I notice something missing on the full list of 79 Gartner hype cycle reports: there’s not one about “cyber security.”

Continue reading →

DHS Job Opening for Cyber Security CTO

There’s been much press attention to the promised new position of “Federal Chief Technology Officer” in the new Obama Administration, but the government has another vitally important CTO opening, and the job advertisement just got posted.

Agency: Department Of Homeland Security, DHS Headquarters
Sub Agency: National Cyber Security Center
Job Announcement Number: CHCO-08-055DHS
Title: Chief Technology Officer
Salary Range: 117,787.00 – 177,000.00 USD
Series & Grade: [Senior Executive Service] ES-2210-00/00
Duty Location: Washington DC Metro Area, DC

   – USAJOBS.com listing 

 

I received an email last week from a DHS friend quietly asking that I “publicize” the listing once it was posted, which was scheduled to be last week.  I checked for it online Friday – the first day applications were to be accepted – but must have looked too early for I didn’t see it listed.  That’s understandable, given the holidays, so I checked again last night, prompted by a note from Bob Gourley of CrucialPoint, and the listing was live.

The listing has an application deadline of Thursday, January 15, 2009, so if you’re interested in applying you had better get cracking.

Let’s look at a couple of the specific points mentioned in the job announcement. Continue reading →

Elbowing for Obama influence between new CTO, new cyber czar

Today’s Friday – usually a big news day in Washington, whether by design (bury bad news late in a deep weekend news hole) or by human error (bureaucrats tried all week to get something done and slipped it in at the deadline).  There should be Obama cabinet announcements today, and meanwhile tech luminaries across the country are sitting by their phones, drumming their fingers and hoping for a call offering them the position of the nation’s first Chief Technology Officer. Norm Lorentz, who was OMB’s first-ever CTO, told C-SPAN this week that “If I were asked, I would serve in a heartbeat.”

Continue reading →