The Pentagon must keep pace with the iPhone, but can't and won't

Deputy Defense Secretary William J. Lynn's heart was in the right place when he addressed the audience yesterday at RSA Security Conference, but his own words belied the impossibility of the plan.
Written by John Hazard, Contributor

A Pentagon official, yesterday, urged Silicon Valley to join the Industrial-Military Complex.

Then he challenged the industry to maintain it's current, blazing pace, within the confines of Department of Defense authorization, Congressional oversight, government purchasing approvals and an alphabet soup of agencies competing for jurisdiction.

Fat chance.

Deputy Defense Secretary William J. Lynn's heart was in the right place when he addressed the audience yesterday at RSA Security Conference (video) in San Francisco. But his own words belied the impossibility of the plan.

"It currently takes the Pentagon 81 months to field a new computer system. The iPhone was developed in just 24 months. That is less time than it takes us to prepare a budget and receive Congressional approval for it. This means I get permission to start a project at the same time Steve Jobs is talking on his new iPhone. It's not a fair trade. We have to close this gap.  Silicon Valley can help us."

Eighty-one months -- seven years -- is far too long for an organization trying to work with an industry that evolves monthly to defend against attacks that spread in milliseconds.

Lynn outlined "Cyber 3.0" the Pentagon's plan to overcome the some of the barriers to speedy research and development. The DoD and the the Department of Homeland Security, will cooperate with private industry to share information, technology and people to engage to coordinate public-private network defenses and collaborate on R&D. The DoD will also invest $500 million in "seed capital" for companies to develop dual-use technologies that serve our cyber security needs."

All good ideas, but  none of those proposals will move speedometer, if the Pentagon can't amend its Byzantine authorization, oversight and approvals process.

About all Cyber 3.0 promises to do in that realm is to expose a new class to the pace of life on the Potomac. The Information Technology Exchange Program (a pilot program is already underway) will allow for the exchange of IT and cyber security personnel between government and industry.

"We want senior IT managers in the Department to incorporate more commercial practices.  And we want seasoned industry professionals to experience first-hand the unique challenges we face at DoD. As we expand participation I hope many of you consider applying.  The Department, and the nation, need your expertise."

In other words, Silicon Valley personnel will learn just how difficult is is to get anything done in a timely manner. Soldiers call in S.N.A.F.U. -- Situation Normal All F-ed Up.

Why it won't work

Cyber 3.0 overlooks two key elements.

  1. Silicon Valley is already part of the military industrial complex. One need only drive south from the Pentagon on Route 267 to see an outpost of every major and most minor IT firms. The military's collaboration with Silicon Valley invented the Internet.
  2. Real speed and agility will only come when Congress overhauls the military-industrial complex's authorization and procurement processes surrounding R&D as well as its own oversight apparatus. And recent history says that won't happen.

The 9/11 Report, now eight years old, identified hundreds of stumbling blocks to national security and intelligence gathering inherent in the hierarchy of sprawling agencies as well as an oversight process that dolled out oversight authority to 88 congressional committees and subcommittees. In eight years, Congress and two presidents have done little to act on the report.

A more recent example in the news is the battle over the Marine Corps's Expeditionary Fighting Vehicle, a project in development so long (since 1988) it is has long been considered obsolete. The Pentagon's latest budget finally killed the Marin's EVF project, but lobbyists and members of congress have threatened to pursue it.

Lynn presented Doomsday scenarios if the collaboration were to fail in it's mission and a group like al-Qaeda were to get hold of a malicious attack like Stuxnet. "... few weapons in the history of warfare, once created, have gone unused," he reminded the group. Far more likely, but equally devastating is the possibility of  an "accidental release of toxic malware."

"A destructive tool could inadvertently escape its creator and be let loose ‘in the wild'...

To prevent something as trivial as a thumb drive stuck in the wrong computer from having a calamitous effect on the global economy, we need defenses that can stop toxic malware."

One need only watch the HBO movie Pentagon Wars to know what Lynn, hackers and the world are up against.

Editorial standards