THE BLOG

Federal and Private Sectors' Approaches to Cyber Collide

04/22/2015 01:40 pm ET | Updated Jun 21, 2015

Americans are accustomed to the transfer of technology from the federal government to the consumer world. Those who grew up in the '70s remember Tang commercials touting the sweet citrus flavored breakfast powder as a being developed by NASA. The list of crossover technologies is long: Microwave ovens, GPS navigation, the Internet, and more recently UAVs, which kicked off the commercial drone movement.

But in the 21st century and the post 9/11 global-risk environment (which has provoked threats as diverse as ISIS, financial manipulation, and sophisticated cyber attacks), we are seeing the emergence of a new type of technology crossover involving national security and the commercial tech market -- or 'cross-convergence.' Cross-convergence is simply the recognition that the private sector can benefit from USG technology capabilities and the USG needs innovative commercial technologies. This "know-how" sharing is helping deal with major issues facing our country, especially cybersecurity.

COOPERATION IMPERATIVE

The USG has been dealing with cyber attacks for a very long time, and while notable and embarrassing breaches have occurred, government agencies that have been able to invest in protecting their information assets have remained ahead of the curve. While USG agencies have been able to invest in both advanced technologies and the analytics to understand the nature of advanced cyber threats, until recently, commercial enterprises have limited their solutions to technology fixes. But that is changing as cross-convergence encourages more information sharing.

Such sharing is particularly important because public and private sector organizations are being targeted by the same groups. In addition, critical government operations and the citizenry share and depend on the same internet infrastructure - cooperation is essential. While the federal government unifies its cyber defenses around new agencies like the Cyber Threat Intelligence Integration Center, this shared threat is driving a unified response on a broader level. This movement encompasses the best of commercial and government, and is built on shared approaches, technologies, and workforces.

SHARED APPROACHES

Last October, a collaboration among commercial cyber security researchers dubbed "Operation SMN" exposed the exploits of a cyber threat group. The malware associated with this group impacted national corporations - including retailers and banks - and United States government agencies. Operation SMN was successful because commercial entities shared their data to solve a common problem. Operation SMN not only collected a vast amount of threat telemetry data and identified specific malware families, but it also defined where the geographic footprint of the attackers. From this coordinated effort, the coalition was able to quickly and globally counteract the threat.

In February, President Obama issued an executive order promoting Information Sharing and Analysis Organizations to further encourage the sharing and understanding of threat intelligence. To counter innovative threat actors with low start-up costs and mutating tactics, the cyber analytics community is adopting government-style operations centers and more collaborative approaches to information sharing.

SHARED TECHNOLOGY

As national security players and commercial enterprises take up arms to safeguard their networks against shared adversaries, they have less and less time to understand, decide, and act. These new processes require technology that is robust enough to handle massive data sets, yet quick enough to move at the speed of daily operations. Beyond providing raw processing power, technologies need to support the rapid conception, establishment, operation, and tear-down of new initiatives.

Both sides are relying more on technologies that enable lower level decision-making, often by providing useful ways of understanding and interacting with shared datasets. In-Q-Tel, the CIA's venture capital firm, invested in better ways of interacting with geospatial data. This technology became Google Earth. More recently, Uber has eliminated the central taxi dispatcher, pushing a similar map-based view to riders and drivers.

SHARED WORKFORCE

The convergence of common approaches and technologies allows for skill transfer between public and private tech sectors. This sharing of talent is a net positive, both in terms of labor efficiency and the encouragement of collaborative exercises. But, as in many other STEM disciplines, there is a human resources challenge in the short and medium term, with hundreds or even thousands of openings for cyber professionals. This is most apparent in the cybersecurity domain, which intelligence officials say now trumps terrorism as the largest threat to the United States.

But on the talent side there is a two-way flow, too, so there is reason for hope. Even as there is significant concern about the brain drain from the cyber corps protecting USG networks to the private sector, the government and national security contractors have recruited some great talent away from Silicon Valley. As critical as some may be of the Millennials, these young men and women have fought more battles than any generation since the Great one of WWII. So it's no surprise that some want to have a positive impact in the post 9/11 ISIS threatened world. Also compelling is that these talented techies want to work on the very hardest problems involving the largest data sets and most sophisticated threats--that still happens primarily inside government agencies. And to make this flow of talent even easier, some agencies are considering loosening security restrictions, and developing non-traditional career tracks.

A VIRTUOUS CYCLE

Cross-convergence is here to stay and it's good for both the public and private sectors. Drones delivering packages and large corporations running threat intelligence centers are in the foreseeable future. And the day when the USG is 70 percent cloud-based and federal procurement is executed via 'one click' purchasing is on the horizon as well. What matters most, though, is that the best talent in DC and Silicon Valley are working on the toughest problems, together.