“We must embed higher levels of security and authentication in hardware, operating systems, and network protocols,” Lynn said. The National Strategy for Trusted Identities in Cyberspace, a White House initiative, “will lay one building block of this more secure future,” he said.
“It will take the course of a generation to have a real opportunity to engineer our way out of some of the most problematic vulnerabilities of today’s technology,” he said.
To spur security improvements, the Defense Department is adding $500 million for new research in cyber technologies, with a focus on areas like cloud computing, virtualization, and encrypted processing, Lynn said. The department also is providing seed capital to companies through its “Cyber Accelerator” pilot program to produce dual-use technologies that address cyber security needs, he said.
The department must speed its adoption of these new technologies, Lynn said.
“It currently takes the Pentagon 81 months to field a new information technology system. The iPhone was developed in just 24 months,” he said. “We have to close this gap, and Silicon Valley can help us.”
The Pentagon will expand its Information Technology Exchange Program, which manages temporary “job-swaps” between the department and industry IT experts, he announced.
“We want senior IT managers in the department to incorporate more commercial practices,” he said. “And we want seasoned industry professionals to experience, first-hand, the unique challenges we face at DOD.”
Lynn also announced that DOD is beginning a program to maximize its use of cyber expertise within the National Guard and Reserve.
Many reservists have a high level of IT knowledge they use in their civilian jobs, Lynn said. To make better use of those skills, he added, DOD will increase the number of Guard and Reserve units dedicated to cyber missions.
At the same time, the department is working to extend its expertise to industry.
“Because of our intelligence capabilities, government has a deep and unique awareness of certain cyber threats,” he said. “Through classified threat-based information, and the technology we have developed to employ it in network defense, we can significantly increase the effectiveness of cyber security practices that industry is already carrying out.”