I had the opportunity to deliver a cyber intel brief to a senior SES last week who oversees a significant set of programs at the Pentagon. He was flanked by two other SES (including the one I report to) as well as a room full of highly-qualified GS-15s. The content was how to get key leaders to participate and understand our threat landscape and how to take action on it.
I've briefed admirals, generals and SES before, but this one was different. This individual KNEW the terms and technology I was talking about. He had years in the field and in the industry and understood the terms, technologies, threats vulnerabilities and concepts I presented. A 30min presentation ended up being a 90 minute discussion. And for those who know, getting 10 minutes of an SES's time is rare, but getting three SES for 90 minutes means the subject was significant.
Effective communication to leadership is usually cut and dry and to the point.
As I went through the threats that was identified to various platforms and systems, he asked very poignant and technical questions. He was genuinely interested in the "how" and what we could do about it. He engaged with me directly and looked to his peers for feedback. It was a very different briefing than I'm used to. I drove home key points about the real threats and vulnerabilities in the field, labs and operating environment and dictated that our senior leaders were not attending these briefs, and thus making potentially uninformed decisions for their acquisition and research & development platforms.
At the end he asked, "What can I do to help?" Caught flat-footed, I said there are three things we need your help with:
1. Change intelligence acquisition from hunting to gathering. Currently there are a handful of websites on high-side networks which someone can obtain content. These websites are constructed all different and categorize their intel in different ways. I visited our Intel officer last week to work this content and he had no less than 12 tabs open, all on different pages. We need to go from hunting for intel to being able to gather it. There should be a central repository where all 17 IC agencies can submit intel to, where it's sorted, sifted, redundancies reduced and presented in a customizable user experience.
2. I need senior leaders to attend these intel briefings. If these leaders are making acquisition, engineering and architecture decisions for weapon systems, air platforms and various other secret programs and the only intel they're getting is from cable news and their Facebook feed, then what they're designing is not considering any of the intel that is being collected in the field. To stay ahead of the enemy, we need them to attend understand how this applies to their environment. They need to see that no one is immune from the bad guys.
3. Finally, we need a better mechanism for turning Intel into Guidance. Throwing a senior raw intel won't do any good unless they know what to do with it. That is where the cyber analyst along with the engineers can turn raw intelligence into actionable guidance to help make better decisions. Intel offices don't understand how their audience operates, so there needs to be local interpretation by someone who understands how and why a hack happened and what their local organization can do to minimize the same risk.
We walked downstairs afterwards and all agreed to these courses of action. Nothing was written down and I don't know if any of these actions will be followed-up on, but I know the direction I need to steer the ship for our command, and hopefully to help continue to influence for the DoD.
#2019Goals
No comments:
Post a Comment