New capabilities brought about by the digital revolution have transformed the way the Department of Defense approaches data and connectivity. While the department has already embarked on its journey to strengthen U.S. cyber capabilities, there are still steps that must be taken to ensure that data is secure at all levels.
Though technology itself plays a huge role in cyber operations, there is a human element at its core. With initiatives like Joint All-Domain Command and Control bringing more data processing to the edge, it is critical to equip all involved parties with a strong understanding of cybersecurity, according to experts in the field, who came together for a panel discussion during the Potomac Officers Club’s 4th Annual CIO Summit last week.
“As technology matures, we need the right people. In my world, technology without the right people means failure, so we must be deliberate and intentional to make sure that we understand what skills we have,” said Wanda Jones-Heath, principal cyber adviser for the Department of the Air Force.
Matthew Picerno, ASA(ALT) chief cyber acquisition officer for the U.S. Army, said that changing workforce culture remains the most challenging aspect of driving cybersecurity improvements.
“It’s easy to buy things and throw technology at the problem, but it is so dependent on so many different groups of people,” he said.
Bill Dunlap, director of the Defense Advanced Research Projects Agency’s Information Technology Directorate, said that when implementing modern cybersecurity measures, such as zero trust, proper training is key.
He said that operators – especially those at the edge – will not always have a cyber expert around them to guide their technology use.
“It’s not just about the cyber workforce getting that training, it’s also about teaching the average user and having that become a way of doing business,” Dunlap added.
Picerno noted that training cannot be conducted using a one-size-fits-all approach. Cybersecurity training, he said, should be extended to all parties within the DOD to build a cross-functional workforce.
“The end goal is to have a digital mindset throughout the enterprise, not just in our cyber community. We need to put people with those skills in other areas as well,” said Heath-Jones.
She added that the road to achieving this type of environment is a “two-way street” that requires consideration of what technology, investments and other provisions will best support the warfighter. Users, she said, are the best advocates for their needs, and to fulfill these requirements, they must be heard.
“For the department, it is really about the warfighter,” she emphasized.
The need for a collaborative approach is not just limited to internal DOD operations. Picerno highlighted the importance of working with U.S. allies to establish standards for interoperability between nations, which he said is already a regular occurrence.
“When we go to war or enter conflict through competition, we don’t do it alone. We need to acknowledge upfront that we operate as a joint force, a coalition force, and we have to reflect that in how we establish requirements, spend money and make investments – but there are also technical limitations,” he said.
In all cases of cooperation, the effectiveness of a technology depends on its users. Leaders, Dunlap said, must prepare operators to properly interact with their information to ensure that security is maintained.
“You can go to any cyber summit happening today and find 100 shiny tools that you can install,” said Dunlap. But what really matters, he said, is whether or not the people who will be operating these systems understand the principles behind them and the importance of data protection.
For more vibrant discussions on cyber, the Potomac Officers Club is hosting its 2023 Cyber Summit on June 8. Event attendees have the opportunity to hear the insights of numerous cyber experts, who will come together to consider the role of cyber in the federal government. To learn more and register to attend, click here.
