8 March 2018

The Cyber-Luddites Are at It Again

By Michael Nordeen

Defense News recently reported that the Department of Defense (DoD) is considering a cell phone ban at the Pentagon. The report further suggests a potential ban could include other wearables and other locations. Simply stated, a ban of this type should be considered highly inadvisable, and even the discussion of it should be considered suspect. The department should be headed in exactly the opposite direction – use more technology, use it everywhere, and learn how to build a system resistant to attack and resilient to penetration.

DoD civilians and service members of all stripes are already subject to draconian use policies for personal and work-related technology systems. For years, the department has taken the approach that the old system was more defendable and thus reverting to old technology. Rather than attract and retain the talent to defend against nefarious uses of technology and making the necessary investments in defendable infrastructure, or promoting policies to protect personal privacy, DoD personnel, and the public at large the DoD simply avoids the problem by eliminating the uses that are subject to significant attack. This approach has resulted in a defense workforce outside of the National Security Agency, particularly so among mid-grade and senior leaders, largely inept in the use or understanding of a broad range of cybertechnology tools from social media to collaborative software to the “art of the possible” technology innovations that could solve defense problems.

Name any time in the history of warfare where avoiding the negative implications of new technology by limiting its use turned out to be a successful strategy in the next war. It would almost be akin to foregoing the use of the airplane in WWI or WWII because the enemy could track them optically or with radar whereas lorries and tanks could move supplies and munitions while avoiding long-range detection. The situation is analogous to the commercial sphere as well. Large banks, likely subjected to the most intense cyber-probing, do not avoid technology by prohibiting their employees from utilizing it or their customers from realizing technology’s benefits. They embrace it as do a full-range of other commercial endeavors. The market would simply have it no other way.

Yes, some get hacked – Sony, Target, Equifax to name a few – but the commercial sector learns and responds. The Department of Defense should do the same by increasing resilience to prevent an officer in a 6th fleet operations staff with a compromised cell phone or wearable fitness device, or an intentional insider threat, from causing damaging information loss across the entire fleet, the Navy at large, or across the entire department. Certainly, such compromises will cause damage, but the system must be structured in a way to minimize damage while allowing the workforce to interact with technology in the same way the rest of the world does – personally and professionally.

Unlike commercial enterprises where the result of successful abuse of available information or cyber-intrusion can cause significant financial damage, the example cited in the article above maps where military personnel are working and recreating, compromising their physical safety. While true, it suggests policies should be put in place compelling the data collectors and aggregators to provide easily understood and usable privacy options to all customers, military and civilian. Those policies could be advocated for globally to reach a standard that both recognizes the value of freely shared data and the rights of individuals. It should not mean limiting technology interaction for a certain class of user.

The Luddite approach to technology policy in the defense sector is the wrong approach. It weakens our ability to swim in the technology space, understand its limitations, learn how to harness its power while protecting or defending it. Rather, we chose to simply avoid it. Cybertechnology will be a major factor in any significant global conflict in the future. We need to intimately know its power and limitations. Learn, not avoid. The existence of such limited use policies scares off and pushes out exactly the kind of people we need to lead U.S. defense efforts in the future – young, connected, tech-savvy, go-getters. On the contrary, this policy keeps around those who would rather hide from the problem and fight the war we know than figure out how to win the future

No comments: