This CTOvision Pro produced analysis focuses on the technological needs for DoD in order to ensure a modern infrastructure while enhancing DoD ability to defend itself. It specifically calls for a shift in R&D spending in DoD.
The Need For A Strategic Pivot in DoD R&D: A concept piece for enhancing DoD cyber security posture
Speeding technology acquisition is a key goal of the department’s “Strategy for Operating in Cyberspace” and we found strong support for this tenant throughout our study. There is wide-spread agreement that technology innovation is at the forefront of national security and that DoD must enhance its ability to speed its acquisition processes, especially in support of cyber operations. We have found, however, a significant difference in what is being called for in technology innovation and what is being done. The department is investing R&D in cyber projects for defense and offense, but these activities too frequently assume a high degree of customization will be allowed before systems will be fielding into DoD. This runs contrary to the stated cyber strategy, which seeks to replicate the dynamism of the private sector to harness the power of emerging computing concepts. DoD must be willing to sacrifice and defer customization to achieve speedy incremental improvements. Remaining wed to expensive long-term customization activities is a key reason why much of the department still operates on an operating system that is over a decade old and now unsupported by the vendor community. We believe a strategic pivot of DoD R&D spending on IT can mitigate this and other weaknesses and turn our IT infrastructure into a much more resilient one.
The Pivot: Shift Cyber R&D To The Tracking And Influencing Of Commercial IT.
The information technology in use in DoD today is based on commercial off the shelf IT. Commercial IT is now in use globally, and it is also produced globally. It ubiquitous, intertwined, and so powerful and contributes so much to humanity that it is being invested in and improved upon everywhere. IT is no longer solely under the control of any one organization or even any one nation. The globe’s IT is moving by autonomous market driven forces and an advancement of science.
This means a system of techno-assemblages so complex that no one individual or group could possibly understand and never control is now forming the basis of DoD’s infrastructure. Enhancing our trust in our IT and mitigating threats to resilience will require new approaches. No longer can we invest as if we can shape an understandable stand-alone system that can be evaluated in isolation. We must invest in ways that recognize the limits of our influence and focus on those prioritized factors we can change.
This calls for a pivot in our cyber related R&D. We must pivot our R&D to raise our awareness of where the cyber market is going and focus investment on the things we can influence.
We Recommend the Following Guidance in Execution of this Pivot:
Technology developments, including developments in Hardware, Software, and Concepts, are moving so fast that a greater apportionment of resources must be spent on tracking both the capabilities of existing IT and the mega trends of the IT industry. Under existing policies and acquisition regulations, procurements are to be conducted in ways that take into account “market assessments” but in practice it has become impossible for any procurement official to understand current capabilities in the IT marketplace, let alone coming changes to the market. It has become intractable to optimize evaluations of engineering trades in procurements. Traditionally R&D is focused on creating capabilities far into the future but pivoting to studies closer to the present will aid in the continuous procurement decisions DoD professionals must make every day. Additionally, R&D focused on IT mega trends that we can hardly influence will also inform procurement strategies and decisions since items being planned for today must be relevant and resilient in a future being impacted by these mega trends.
R&D should also accelerate our wisdom on creation of new solutions from existing hardware and software. This is a pivot from an approach that seeks to focus R&D on creation of new hardware and software. The pivot is towards influencing things we can influence. For example, our study revealed eight new technology requirements that we believe will make significant, positive change in the resilience of DoD systems, and each of these eight could be more rapidly fielded by R&D focused on development of systems based on existing IT. None of the below require new science. All can be based on capabilities the IT industry provides today.
Technology | Benefit |
| Cyber “Thin Line” providing survivable out of band C2 including ability to reach into IT industry while in attack | Enhanced deterrent, resiliency, recovery |
| Non-signature based detection of threats | Detect while under attack vice after |
| Secure collaborative environments with visualizations spanning all cyber mission areas | Link communities of interest together enabling more rapid coordination of action |
| M&S tools for cyber mission rehearsal, exercise planning, mission planning | Enhanced mission effectiveness |
| Enhanced COA development, BDA, Situational Awareness and C2 tools | Enhanced mission effectiveness |
| Enhanced Root of Trust, including purge to zero state and BIOS attestation | Increased system resiliency, recovery, restoration after attack |
| Integrated Automation Suites including continuous vulnerability assessment and mitigation | Support to automated hygiene, enhanced defense and more rapid restoration after attack. |
| Technology for cyber audit and forensics, including reverse engineering tools | Assessment of damage from attacks and continuous hygiene monitoring |
More CTOvision Reporting:
- The Defense Innovation Board Provides Insights Actionable By Government and Industry Technologists
- Working in Cybersecurity: Life on the front lines, in the C-suite, and everywhere in-between
For more on these topics see the CTOvision Guide to National Security Technology and
- An OODAcast Conversation with Dr. David Bray of the Atlantic Council Geotech Center (Part One) - April 3, 2020
- OODAcast– A Conversation with Dan Gerstein - April 1, 2020
- Update on The End Coronavirus Project and Need for Volunteers - March 28, 2020