DOD looks to Silicon Valley to automate cyber response

Terry Halvorsen

DOD CIO Terry Halvorsen says more automation could also make attacking DoD targets less attractive for hackers.

Pentagon CIO Terry Halvorsen says Defense Department efforts to tap Silicon Valley entrepreneurial and tech development expertise could help take care of some repetitive cybersecurity maintenance drudgery, freeing up cyber defenders for more important tasks.

In a media conference call on Sept. 15, Halvorsen said he hopes DoD’s six-month-old effort to develop cyber defense technologies with Silicon Valley companies will produce tools that automatically take care of everyday cybersecurity chores such as software patching, system diagnostics and data logging. He’s also looking to Silicon Valley to help develop better defenses against first-time “Zero-Day” attacks.

Those automated capabilities, he said, will not only allow the agency to move IT personnel to more critical work, but could also make attacking DoD IT less attractive to less sophisticated cyber marauders.

Smaller scale attacks based on commonly available exploits may cost attackers only a few dollars to launch, but can cost the DoD huge sums to defend against, he said. Automating the responses to such simple attacks can raise the costs of making the attack in the first place, he said. “If the response is fast enough, it can make it too expensive to play” for some smaller attackers, he said.

Earlier in September, Halvorsen called for industry help in changing the economics of cyberspace so that it is more costly for hackers to inflict damage and cheaper for the Pentagon to defend itself.

Halvorsen is also looking to California for scarce cyber personnel, hoping the lure of working on huge, meaningful national defense projects can outweigh the Valley’s advantages.

The Pentagon’s IT offices don’t have the in-house cafes and other amenities that some high-tech company offices have, but it offers a greater purpose, according to Halvorsen. “That Valley atmosphere encourages people to stay at work,” he said. “We suffer. We can’t pay like the [private] cybersecurity sector. However, we do offer the chance to work on projects with huge scale and importance.”

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.

Nominate Today!

Nominations for the 2018 Federal 100 Awards are now being accepted, and are due by Dec. 23. 


Reader comments

Thu, Sep 17, 2015 Don O'Neill

Message to Halvorsen! When it comes to Cyber Security, it's not about money and it's not about cafes and amenities. Instead it's about know how in meeting industry challenges and government responsibilities. • Industry challenges demand renovating the rotten core of the software profession and its Cyber Security practice and shifting the onus for privacy and security from supplier to consumer. • Government responsibilities include removing government obstacles to consumer self-help and unleashing new Cyber weapons for privacy and security governance. The way forward calls for adopting new and useful Cyber expectations for both industry and government. The following markers of Cyber expectation need to be laid down: • Eliminate unchecked free riders whose presence attracts Cyber attacks • Don’t use the Internet for data and information you can’t afford to lose • Expect fines for neglectful Cyber Security practice • Expect the use of three factor authentication • Expect the use of unfettered data encryption • Expect to be prosecuted for false claims assertions in privacy policies • Provide industry with indemnification and expect data and information sharing • Expect Industry partners to purchase Cyber Insurance as actuarial data improves • Expect zero tolerance for technical debt, defects, and deferment of effort • Expect adoption of Clean Room Software Engineering • Expect adoption of Next Generation Software Engineering

Thu, Sep 17, 2015

Why go all the way out to California when DISA has successfully automated their patching and compliance tasks using COTS products and local contractors. Agencies need to get out of the business of re-inventing the wheel over and over again and into the business of re-using and improving what has been proven to work for others. Just sayin'

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group