The perennial problem for governments in grappling with cyber security and cyber policy more broadly has been ‘how do we engage the private sector’. Those who spend countless hours trawling through policy documents sigh at seeing the immortal words ‘government must work closely with the private sector’ and then seeing little or no content beyond that statement. However, in recent weeks the Pentagon has seen fit to take some quite radical steps to try and address this issue by opening up its own premises in Silicon Valley. You can almost imagine young tech heads and entrepreneurs running to boot up their cyber defences awaiting the coming US cyber army, such is the deep impact that Snowden has had upon their psyches and wallets.
US Defense Secretary Ashton Carter took the step of embarking on a three day tour of Silicon Valley on the back of announcing his department’s new cyber strategy. At a talk at Stanford University he announced the creation of a permanent Defense Department outreach centre, the ‘Defense Innovation Unit Experimental’. This new centre is aimed at ‘scouting emerging and breakthrough technologies’, and will be staffed by active duty and civilian personnel tasked with recruiting some of the tech industry’s brightest minds.
This will be no easy task for a number of reasons. First, there is an ‘image’ problem that the military have in this area. The kinds of minds that the military most want are unsurprisingly not those that are most attracted to it, so it’ll take a lot of convincing to attract these kinds of skills and characters, and create a working environment that they are comfortable in. A second issue is that of salaries; top talent in Silicon Valley will be targeted and paid wages that are out of reach to a government department. This is by no means a problem unique to the US. Australia too faces dilemmas of how to attract and then retain the highest calibre of personnel to deliver its cyber capabilities.
At the first White House cyber security summit, in February 2015, also held in Silicon Valley, President Barack Obama stated that the Snowden episode had been ‘harmful in terms of the trust between government and many of these companies’. There is no doubt that Carter’s trip was part of a broader US Government effort to regain that trust. However, this will be a slow process as US companies have been increasingly distancing themselves from US Government security agencies, as market forces drive them to do so. Companies such as Microsoft, Apple, Cisco, eBay, Verizon, Twitter, and Yahoo have all taken legal steps to demonstrate to an increasingly privacy-focused customer base that they’re prepared to push back against US government requests for data and assistance. In short, it’s impacted their ‘bottom line’ and they’re looking to reclaim some of that back. There’s no doubt that building ‘trust’ back into the relationships with the private sector has become a priority for the US administration.
There are lessons here for all governments in creating a more flexible way of working with the tech sector, first in procurement and second, in profitability. In the cyber domain, not only is the threat consistently morphing, but also the technology and techniques that grow alongside it. Agility is the key to success. However if procurement processes, such as those that exist in the defence world, are slow and cumbersome then it becomes increasingly difficult for companies to justify the time, effort and resource required to persevere. This is especially true of small ‘start-ups’, where a great deal of the exciting developments in cyber emerge. For these companies applying for defence contracts would simply not make sense. Creating a different environment for procurement in this area should be a priority.
The second issue of profitability is also worth considering. The most successful tech companies are used to creating large returns for their investors (we can argue about the responsible taxation of this elsewhere), for example Apple and Google in 2014 produced operating margins of approximately 30%, and Facebook and Intel about 40%. Compare these to the margins that are made by defence companies in the US, which are in the 14-16% range. Nobody is crying about large defence contractors and their ‘meagre’ margins, they are multi-billion dollar organisations after all, but it at least illustrates that the financial motivations for the tech industry to work with government across all sectors aren’t quite at the same level as they are for their wider customer base.
What is clear is that whether it be the US Government or the Australian Government, trust needs to be rebuilt with the big companies upon which they rely on for our online activities as well as reaching into emerging enterprises which will highlight the new advances in the cyber domain. However, the balance of this relationship has undoubtedly changed. In the past a large amount of technological innovation came from government sources, often military, but now much of the significant advances come from the private sector. A private sector which isn’t always interested in a close relationship with government, and doesn’t require its money to succeed.
This shift in this balance is uncomfortable for government, but it needs to grapple with it quickly in order to keep pace with the unfolding cyber landscape.