- The Department of Defense and the private sector must share threat intelligence information if either is to successfully mitigate the growing flood of cyberthreats, according to Terry Halvorsen, CIO of the Department of Defense.
- Halvorsen, speaking during the National Defense Industrial Association’s Executive National Security Forum July 28, said both the private and public sector need cybersecurity tactics that are effective, rapid and agile, according to Federal News Radio.
- Halvorsen also reiterated that the federal government needs private sector help to meet its cybersecurity objectives.
Halvorsen recently made a trip to Silicon Valley as part of ongoing efforts to recruit private sector help with federal cybersecurity efforts and to "push the envelope" in public-private cybersecurity cooperation.
The DOD and its partners need to be able to more quickly share data, Halvorsen said. The agency also needs to move much faster if if it’s to keep pace with industry.
"I generally can’t operate anything on my network without authority to operate," Halvorsen said, according to Federal News Radio. "An average accreditation is over a year. … A year is way too long for us to be waiting for changes. It also costs a whole heck of a lot of money."
"The biggest driver is time," Halvorsen said. "We can’t be as agile as we need to be."
The Pentagon has been fairly progressive in working with the private sector. Earlier this year, the agency launched the federal government’s first bug bounty program—Hack the Pentagon—which invited pre-approved security researchers to find potential security flaws in five DOD websites.
In May, the agency also said it plans to automate and virtualize its information networks in order to improve efficiencies and reduce costs. A virtualized network could also potentially allow DoD to outmaneuver potential cyberthreats, because they could easily create a new virtual network and move users off a compromised network to a new one.