Cybersecurity industry leaders and former military cyber experts told the Senate Armed Services Committee on Wednesday that the Pentagon needs to adopt more commercial cybersecurity technology.
“The Department of Defense faces a similar challenge to the private sector. The very same threat actors that are targeting private industry today to steal intellectual property and sometimes carry out destructive attacks are trying to break into DoD networks to conduct espionage and degrade our warfighting capabilities,” said Dmitri Alperovitch, co-founder and CTO of cybersecurity firm Crowdstrike.
Witnesses at the hearing highlighted areas where they feel the private sector is ahead of DoD.
“The DoD lags behind the mature, state-of-the-art commercial technology,” said Francis Landoff, senior partner at Core Consulting and a 30-year veteran of the National Security Agency (NSA).
“I have observed, as a rule, that companies with exciting new technical approaches in cybersecurity, backed by prestigious and savvy venture capital investors, struggle to get meetings with the Defense Department, much less a chance to demonstrate their product and make sales. This is true even when there appears to be genuine government interest,” Landoff said.
“Network defenders are losing the cybersecurity battle because they’re bringing people to a software fight,” said John Davis, Federal chief security officer at Palo Alto Networks, adding, “It’s like bringing a knife to a gun fight.” He advocated for more automated tools, expanded testing programs, and incentives for companies to share threat intelligence.
Alperovitch touched on the need for more hunting of active threats on DoD networks. He suggested a 1-10-60 rule similar to the one at Crowdstrike: 1 minute to detect a threat, 10 minutes to identify the issue, and 60 minutes to remediate the issue.
Witnesses also testified to the need for speeding the security clearance process to attract more talent to the military.
For the senators in attendance, the need for faster clearance processes and more talent were top of mind.
“We have also had a hard time attracting and retaining talent, a critical issue in the area,” said Sen. Kirsten Gillibrand, D-N.Y.