Intelligence agencies that jump to slap a “Top Secret” label on every bit of valuable threat information they come across are missing out on opportunities to partner with powerful external organizations and companies, a Defense Department CIO said.
“Why is that as soon as I find out something interesting about a threat, I label it at a very high classification?” asked Dave DeVries, principal deputy CIO for DOD. “We’re working on that. We’ve got to change that. Gone are the days that the only ones who knew anything that was going on were the NSAs [National Security Agency] of the world.”
Speaking at VMware’s Public Sector Innovation Summit, produced by FedScoop, DeVries argued that in the post-Edward Snowden era, the DOD and intelligence community aren’t the only entities focused on security.
“The playing field has been leveled,” he said. “We’re all in the same family together now. From the bankers to the real estate…we’re all in this thing together here.”
By classifying threat information, DeVries suggested, the Pentagon was shutting out industry partners and information sharing and analysis centers, which could play a vital role in tracking those concerns and mitigating risks.
“Today the telecom industry alone, and the other vendors that operate networks, sees all kinds of traffic,” he said. They see all kinds of patterns. They can do the big data analytics on it. We can share that stuff.”
DeVries continued: “If you look around there are groups forming up in every single sector out there, from education to automotive to manufacturing to transportation to medical. They’re coming up with special niche worlds dealing with security. We’ve got to tie those things together there, because we all can’t be recompeting the same things and coming up with the same value statements there.”
Indeed, to develop redundant security across organizations is extremely costly. Despite mostly flat spending on IT as a whole, spending on IT security is increasing year-to-year by as much as 20 percent in some cases, according to VMware CEO Pat Gelsinger.
“We’re spending dramatically more on security than we are on any other aspect of IT,” Gelsinger said at the summit. “And the cost of breaches is increasing faster than the increase in [security spend]. So in other words, the more you spend, the more you’re getting behind.”
For his part, DeVries challenged innovators in industry to bring that high price tag down to make it so the security of agencies is possible, even in a declining fiscal environment.
“We owe it to the American public to do the right thing, to maintain the security, to maintain the integrity of the data,” he said. “Let’s do it together … No longer can the public side of the house bear the brunt of it.”
