Pentagon wants industry’s help to bolster allies and partners’ cybersecurity
WASHINGTON — Still in the nascent stages, the Pentagon is working on ways to help bolster cybersecurity for allies and partners and wants to increase its engagement with industry for solutions, according to Mieke Eoyang, deputy assistant secretary of defense for cyber policy.
“As we look at allies and partners and their cybersecurity and the interest of adversaries in undermining, via cyber, our allies and partners in the context of our commitments and our alliances when we are going to fight together, it’s really important that we think about cybersecurity of our allies and partners and that we think about how to bring that up to speed,” Eoyang said at C4ISRNET’s CyberCon on Nov. 10.
“We’re hearing frequently from our allies and partners” across NATO, in Europe and in the Asia Pacific region “requests for assistance in the cybersecurity arena,” she said.
The Defense Department needs to do “a better job” understanding how it can use the Defense Security Cooperation Agency and other mechanisms to help allied and partner nations improve their own cybersecurity, Eoyang added.
To effectively help other nations, she said, the Pentagon will need industry’s help.
“I would argue that some of the best talent is actually in the private sector because we in the department certainly can’t afford to pay what the private sector pays in many of these circumstances,” Eoyang argued.
The Pentagon has begun discussions with DSCA as well as regional commands and Cyber Command about how to work together to improve cybersecurity for allies.
DoD has offered in-house cybersecurity capacity- and skill-building in the past, “but we’re not the only people who can help with that and so doing a better job of understanding what’s available out there in the private sector, how that might fit for ally and partner needs, we have a lot of work to do here, but we are really interested in moving forward,” Eoyang said.
“It’s certainly a conversation we look forward to having with industry to better understand what are the obstacles to doing that? How can we incentivize that,” she said.
Eoyang stressed not all nations are “equally situated to their understanding of the highly capable threat that we’re all up against.”
Strong cybersecurity among allies and partners, Eoyang said, is key because “when you fight as a coalition, you have to plan together, you have to train together and if those activities are compromised via cyber means where the adversary figures out how to get inside our playbook and inside our huddle, that’s a real problem for our ability to fight and win together.”
Meanwhile, Eoyang’s Pentagon cyber policy shop is currently focused on solving problems within two major areas: securing elections and protecting critical infrastructure from ransomware attacks like the one that shut down the Colonial Pipeline in May and led to fuel shortages in several states.
“I think in the past, a lot of people thought of these things just as crime and nuisance and not rising to the level of a national security threat that would involve the Department of Defense,” she said, “but we see the adversaries’ capabilities rise in this area. Ransomware is very clearly a priority for the Department of Defense and we are actively engaged in the whole-of-government efforts to disrupt and impose consequences on those malicious actors.”