The Hacking Economy

Obama unveils national cybersecurity action plan

Clay Dillow, special to CNBC.com
WATCH LIVE
President Barack Obama speaks at the White House Summit on Cybersecurity and Consumer Protection at Stanford University in Palo Alto on February 13, 2015.
Nicholas Kamm | AFP | Getty Images

The White House's Cybersecurity National Action Plan (CNAP) unveiled today to fortify America's digital defenses is the latest effort to protect Americans, government agencies and companies against the growing number of cyberattacks aimed at everything from national defense and health care to personal consumer data.

It's not surprising that Obama has a request to Congress to boost cybersecurity spending to $19 billion for fiscal year 2017, a 35 percent increase over this fiscal year. The White House also wants to launch a $3.1 billion Information Technology Modernization Fund to retire and replace aging systems in the federal government. To oversee all initiatives, President Obama plans to create a federal chief information officer who would coordinate cybersecurity practices across agencies.

DOD and Silicon Valley X Men

But one of the biggest behind-the-scenes digital counterterrorism efforts under way by the federal government is not getting much publicity: the Pentagon's effort to enlist the help of Silicon Valley to fight military cyberwarfare — including the flow of Islamic State communications across the Internet.

In October it set up a new organization, called Defense Innovation Unit Experimental, or DIUx, in Mountain View, California, a short distance from Google's corporate campus. DIUx represents the DoD's permanent presence in Silicon Valley — a staff of roughly a dozen individuals tasked with seeking out potentially useful technologies as well as reestablishing relationships between the Pentagon and the brightest minds in technology.

DIUx is not a technology incubator, nor is it a venture capital fund. It has no money to seed companies or technologies, and no mandate to purchase products or services on behalf of the Department of Defense. Rather, its primary function is to serve as a matchmaker, directing defense program offices toward companies that might be able to help solve their technology problems and directing companies toward government labs or technology programs that could be potential customers.

As a facilitator, there's little DIUx can do to alter DoD procurement processes or the speed at which the larger Pentagon moves. But it can more quickly connect military problems with potential technology solutions in an effort to get those technologies to the soldiers and security personnel that need them. It can also help connect those companies with billions in new federal dollars that the Obama administration is expected to funnel toward cybersecurity and other high-tech innovations in the next budget.

DIUx is not the military's first attempt at fostering this kind of military-tech sector interface. During the opening months of the Afghanistan war, the U.S. Army created a special unit known as the Rapid Equipping Force. When commanders saw a need for a new piece of technology — from robots to help clear roadside bombs to computer systems to help organize and sift through intelligence — the Rapid Equipping Force would seek out a solution and attempt to get it into the field quickly, often in weeks or months rather than years.

Can a public-private partnership work?

But marrying Silicon Valley business models to the lumbering bureaucracy of the Pentagon is a different kind of battle, one whose outcome is far from certain.

Taken as a whole, the Department of Defense is likely the most plugged-in institution in the world, said Andrew Philip Hunter, a senior fellow and director of the Defense-Industrial Initiatives Group at the Center for Strategic and International Studies. "The DoD is an amazing font of knowledge about technology," he said. "If you want to know what the cutting edge of technology is in just about any area, you will find an expert in the DoD that knows it chapter and verse."

But while all that knowledge resides within the sprawling tendrils of the U.S. defense enterprise, it's painfully difficult to access it. An engineer at the Office of Naval Research or at a contractor like Boeing or Lockheed Martin can know something to which a decision maker in the Pentagon is oblivious.

This disconnect between problems and potential solutions underscores the Pentagon's core technology problem. "There's an incredible wealth of information that the department has in its data banks in theory," Hunter said. "In practice, it has a really hard time leveraging and accessing that information."

An inside look at what's driving the hacking economy

The Pentagon wants to change that by making it easier to put military problems in front of the coders and engineers with the best chance of solving them. Silicon Valley, meanwhile, is arguably home to the greatest concentration of programming and engineering talent in the world. But creating a bridge between the two is more difficult than simply piping the Pentagon's problems to the West Coast.

Challenges both cultural and practical contribute to the disharmony between the way the Pentagon does business and the way Silicon Valley innovates. The DoD, with 2 million employees and an acquisition process wound tightly in red tape, moves extremely slowly. The Pentagon routinely spends years or even decades developing fighter jets, submarines and other military hardware — a pace that simply doesn't dovetail with Silicon Valley's voracious appetite for new products and return on investment.

That doesn't improve a business case that's already a tough sell to companies with valuations stretching into the billions, Hunter said.

"I think the single biggest disconnect is that in reality, defense is an incredibly small market," he said. "From a Silicon Valley perspective, there's just very little money to be made."

Cybercrime costs the world $445B a year
VIDEO1:1101:11
Cybercrime costs world $445B a year

Despite the challenges, the Pentagon is forging ahead and making its case. Even Secretary of Defense Ash Carter has personally turned up in Silicon Valley to push for a new bond between the world's premier tech corridor and the U.S. federal government. "Renewing our partnership is the only way we can do this right," he told a crowd assembled in a Stanford University lecture hall in April. In a 40-minute address, Carter drove home the myriad ways cyberwarfare and cybersecurity are reshaping the modern battlefield. He then announced that the Pentagon was coming to Silicon Valley to stay.

As U.S. Army Colonel Peter Newell, who headed the Rapid Equipping Force for three years during the Afghanistan and Iraq conflict, points out, what determines success in this new form of warfare "is how well you change after the first bullet is fired."

He should know. After retiring from the Army, Newell moved to Palo Alto, California, and in 2014 launched BMNT Partners alongside a few colleagues he'd met during his days scouring Silicon Valley for the Rapid Equipping Force.

BMNT specializes in pairing government technology problems — typically, DoD-related problems — with Silicon Valley companies best suited to provide solutions. It's largely a matter of relationships and knowing one's way around the Valley, Newell said. "Once you figure out who to get in a room and explain a problem to them, a wave of things start happening."

So far, that model has proved successful for BMNT, Newell said, and establishing a full-time presence in Silicon Valley will allow the Pentagon to develop the know-how and relationships it needs to deliver technologies more rapidly.

— By Clay Dillow, special to CNBC.com